failed to update microsoft security essentials


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then....please start HERE <--------

Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:
 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.04.04.02

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16521

Adam :: ADAM-PC [administrator]

 

04/04/2014 08:11:11

mbam-log-2014-04-04 (08-11-11).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245593

Time elapsed: 11 minute(s), 32 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 18/04/2011 15:50:06

System Uptime: 02/04/2014 13:42:46 (43 hours ago)

.

Motherboard: Acer             |  | Aspire 5741Z    

Processor: Intel® Pentium® CPU        P6000  @ 1.87GHz | CPU | 933/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 159.505 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP707: 23/03/2014 09:58:53 - Windows Update

RP708: 26/03/2014 10:10:30 - Windows Update

RP709: 28/03/2014 06:02:47 - Windows Update

RP710: 29/03/2014 05:21:45 - Windows Update

RP711: 29/03/2014 06:01:28 - Installed Microsoft Fix it 50123

RP712: 29/03/2014 06:04:29 - Windows Update

RP713: 01/04/2014 10:25:10 - Windows Update

RP714: 04/04/2014 07:23:52 - Windows Update

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

1912 Titanic Mystery

3MobileWiFi

Acer Backup Manager

Acer Crystal Eye webcam Ver:1.1.167.331

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 12 Plugin

Adobe Shockwave Player 11.6

Amazonia

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Photo Book

ArcSoft TotalMedia HDCam

Avidemux 2.6 (32-bit)

Backup Manager Basic

Big Fish Games: Game Manager

Bing Bar

BlackBerry Desktop Software 6.1

Broadcom Gigabit NetLink Controller

Cake Mania

CCleaner

Chicken Invaders 2

CloudReading

Compatibility Pack for the 2007 Office system

Cookienator

CyberLink PowerDVD 9

D3DX10

Dairy Dash

DHTML Editing Component

Dropbox

eBay Worldwide

ESET Online Scanner v3

eSobi v2

Farm Frenzy 2

Foxit Reader

Freemake Video Converter version 3.2.1

Galapago

Google Chrome

Google Drive

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

Granny In Paradise

Heroes of Hellas

Identity Card

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 51

Java Auto Updater

Junk Mail filter update

Launch Manager

Lightworks

Maintenance Samsung CLP-320 Series

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyTomTom 3.1.0.530

MyWinLocker

MyWinLocker Suite

Norton Online Backup

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

OpenOffice.org 3.3

Paint.NET v3.5.10

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Samsung Universal Print Driver 2

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 

Shredder

Skype™ 6.11

Spin & Win

swMSM

Synaptics Pointing Device Driver

Turbo Lister 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio C++ 10.0 Runtime

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

ZTE USB Driver

.

==== Event Viewer Messages From Past Week ========

.

30/03/2014 17:17:20, Error: Service Control Manager [7022]  - The Intel® Management & Security Application User Notification Service service hung on starting.

30/03/2014 17:12:17, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0 The details view of this entry contains further information.

30/03/2014 17:12:00, Error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.

30/03/2014 17:12:00, Error: hasplms [3]  - ERROR: Sentinel LDK License Manager failed to start in a promptly manner!

30/03/2014 17:11:47, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the file specified.

30/03/2014 17:11:42, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800499c038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\033014-25256-01.dmp. Report Id: 033014-25256-01.

30/03/2014 17:11:40, Error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%-2147024894

29/03/2014 05:34:28, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

29/03/2014 05:34:28, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

04/04/2014 08:30:23, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom0.

04/04/2014 07:27:48, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.5.216.0 (KB2949787).

03/04/2014 08:03:39, Error: NetBT [4321]  - The name "ADAM-PC        :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

03/04/2014 08:03:39, Error: NetBT [4321]  - The name "ADAM-PC        :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

03/04/2014 08:03:38, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name.  The server could not start.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2

Run by Adam at 8:27:14 on 2014-04-04

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2807.1090 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Windows\system32\hasplms.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WerFault.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi

uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto

uRun: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Adam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Adam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA}\2456C6B696E6F5E4F5144435C4F5736334030373 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA}\33D4F62696C65675966496D214430363 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{74F3FCC5-9C88-4348-9A8E-9F5784486DE3} : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{CF0B85B7-01E7-4459-A45A-EA8E46F8B35C} : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0} : DHCPNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [seagull Drivers] ssdal_nc.exe startup

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]

R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-1-6 78208]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-21 312400]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-7-5 866336]

R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-1-13 100864]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-21 13336]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-12 247968]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-5-29 90112]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 158720]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-12 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-5-29 117248]

S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-5-29 14336]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-25 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-5-29 104960]

S3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\drivers\ew_jucdcecm.sys [2013-5-29 76800]

S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-5-29 30720]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-6-13 11776]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 239136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]

S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2011-6-13 135168]

.

=============== Created Last 30 ================

.

2014-04-04 06:35:02 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94E20C07-1B6E-467E-ADE1-B631A931EFC6}\mpengine.dll

2014-04-04 06:25:09 -------- d-----w- C:\ee02bc381fee627990e7247765b17f

2014-04-03 21:48:40 -------- d-----w- C:\Users\Adam\AppData\Local\{028343D6-85B4-4FAA-9879-C6555C19D89C}

2014-04-03 09:46:50 -------- d-----w- C:\Users\Adam\AppData\Local\{A5D13CE0-8239-4FEC-ABF0-0DCDDBA5FB40}

2014-04-02 19:19:11 -------- d-----w- C:\Users\Adam\AppData\Local\{F76335AD-9C4E-4A5C-BBAF-F51686525EF1}

2014-04-02 07:18:58 -------- d-----w- C:\Users\Adam\AppData\Local\{3C136F17-7097-47C0-A5AC-33B31754D5DC}

2014-04-01 19:18:45 -------- d-----w- C:\Users\Adam\AppData\Local\{83519622-FBD5-4A94-86C5-295E718E5CBE}

2014-04-01 09:26:14 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2014-03-31 19:06:24 -------- d-----w- C:\Users\Adam\AppData\Local\{BABBCC2F-473A-4663-AC31-647327A4BDE9}

2014-03-31 07:06:11 -------- d-----w- C:\Users\Adam\AppData\Local\{D8833EE2-EE75-483F-B539-BC506008AD31}

2014-03-30 17:36:33 -------- d-----w- C:\Users\Adam\AppData\Local\{A5A9BE8D-49CD-40DB-B5DB-98140D703F91}

2014-03-30 05:15:34 -------- d-----w- C:\Users\Adam\AppData\Local\{AA63A39A-044F-4761-B7A9-758903434CAF}

2014-03-29 17:00:44 -------- d-----w- C:\Users\Adam\AppData\Local\{687008CC-EE43-4D84-9B21-EF70B69AF5CA}

2014-03-28 18:50:38 -------- d-----w- C:\Users\Adam\AppData\Local\{7C1886E0-7D2C-4287-9D8E-7B08602B8103}

2014-03-28 06:28:45 -------- d-----w- C:\Users\Adam\AppData\Local\{3314F94B-900D-41BB-8605-611CA27727E9}

2014-03-28 06:04:49 -------- d-----w- C:\Windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures

2014-03-27 18:28:21 -------- d-----w- C:\Users\Adam\AppData\Local\{CA110284-A9EC-48E3-8F24-6BDEABEE3996}

2014-03-27 06:28:08 -------- d-----w- C:\Users\Adam\AppData\Local\{A0EC3CB1-92E4-4404-A84D-EF11CEB92B15}

2014-03-27 05:27:36 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F36F74DF-C354-420A-8AA8-31E3C5AC54D2}\mpengine.dll

2014-03-26 18:01:18 -------- d-----w- C:\Users\Adam\AppData\Local\{6148E818-AFC7-44C1-9C6E-2B5194B3C48D}

2014-03-26 10:12:30 10521840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-26 05:58:39 -------- d-----w- C:\Users\Adam\AppData\Local\{227A5C99-4AD1-4420-BCE7-EEA0A87543F5}

2014-03-25 12:29:01 -------- d-----w- C:\Users\Adam\AppData\Local\{C8B663A5-A6C7-473E-9B07-672D563FB44D}

2014-03-25 09:18:32 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32ED745E-C478-496D-B905-47E92C389217}\gapaengine.dll

2014-03-24 21:47:42 -------- d-----w- C:\Users\Adam\AppData\Local\{4FEE1CCE-23B7-483E-9C87-34EE08D60946}

2014-03-24 10:21:52 -------- d-----w- C:\Users\Adam\AppData\Local\{04DAC2C2-FCB1-44FA-B05B-806635B10269}

2014-03-23 21:48:06 -------- d-----w- C:\Users\Adam\AppData\Local\{020EA083-AA8C-4136-8C55-98A4B203A46E}

2014-03-23 09:47:49 -------- d-----w- C:\Users\Adam\AppData\Local\{8BB9C313-945F-41A3-942A-F165764E5A27}

2014-03-22 20:13:17 -------- d-----w- C:\Users\Adam\AppData\Local\{FF1AB0B0-23F8-4861-B4FD-A47DF4918BBE}

2014-03-22 08:12:53 -------- d-----w- C:\Users\Adam\AppData\Local\{769B5502-F5FA-44E6-9308-569ABCFF6F31}

2014-03-21 20:12:23 -------- d-----w- C:\Users\Adam\AppData\Local\{5F7EB489-70F2-431B-86EC-ADA0B0787F08}

2014-03-21 07:16:08 -------- d-----w- C:\Users\Adam\AppData\Local\{499462BF-4E29-4A80-9BCF-99A6DC8327D7}

2014-03-20 14:38:11 -------- d-----w- C:\Users\Adam\AppData\Local\{51641B17-3F28-4CAF-A4C2-ED3CE1BA09E8}

2014-03-19 23:42:06 -------- d-----w- C:\Users\Adam\AppData\Local\{9C4926CD-AA68-415B-9DAB-E0FCBBFA55E7}

2014-03-19 11:41:50 -------- d-----w- C:\Users\Adam\AppData\Local\{F68CE423-0868-4877-A185-34C26B992734}

2014-03-18 23:41:37 -------- d-----w- C:\Users\Adam\AppData\Local\{5BD95F33-A926-4F76-BE5C-5F0506A149CD}

2014-03-18 11:32:28 -------- d-----w- C:\Users\Adam\AppData\Local\{16F8E324-BC66-4A25-8C37-DC9E161B4987}

2014-03-17 23:32:04 -------- d-----w- C:\Users\Adam\AppData\Local\{2AB2579A-F85A-4CF9-AFE0-5E372FFEC502}

2014-03-17 11:31:49 -------- d-----w- C:\Users\Adam\AppData\Local\{2EE820F6-C6C3-4653-82A5-CC7ACD64DB53}

2014-03-16 23:03:12 -------- d-----w- C:\Users\Adam\AppData\Local\{C552C9CC-D7A3-472A-AE1A-D10AE81D2C88}

2014-03-16 11:02:43 -------- d-----w- C:\Users\Adam\AppData\Local\{7A859F32-1706-4236-A197-963CD381001C}

2014-03-15 21:48:17 -------- d-----w- C:\Users\Adam\AppData\Local\{2F2A5F00-D6C4-46AB-8D89-79D5DA24C086}

2014-03-15 07:11:51 -------- d-----w- C:\Users\Adam\AppData\Local\{3E2E5445-F0CA-4288-81BA-95AF96B954F4}

2014-03-14 17:51:56 -------- d-----w- C:\Users\Adam\AppData\Local\{1595BB50-06B1-4524-B4F7-6B76006CA688}

2014-03-14 05:51:18 -------- d-----w- C:\Users\Adam\AppData\Local\{79B9E50D-A347-4F33-895B-775801828B38}

2014-03-13 12:35:37 -------- d-----w- C:\Users\Adam\AppData\Local\{79C0CC25-AD58-4C58-A293-73A04F69D9F6}

2014-03-13 08:08:10 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-03-13 08:08:10 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-03-13 08:08:10 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-13 08:08:10 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-03-12 23:26:32 -------- d-----w- C:\Users\Adam\AppData\Local\{E0D68A73-8CAD-4DBB-B854-362A6F463173}

2014-03-12 11:27:19 -------- d-----w- C:\Users\Adam\AppData\Local\{31D55E0A-622A-472A-976A-FCBB365DF65D}

2014-03-11 20:14:09 -------- d-----w- C:\Users\Adam\AppData\Local\{E785D8CE-9E9C-4AE3-9CCD-E0C7CC4B77AE}

2014-03-11 08:13:55 -------- d-----w- C:\Users\Adam\AppData\Local\{3E612855-F020-460F-AA1A-6EC5E062AC0D}

2014-03-10 20:13:30 -------- d-----w- C:\Users\Adam\AppData\Local\{B64B95ED-4240-4839-B7ED-E302515AC811}

2014-03-10 08:12:53 -------- d-----w- C:\Users\Adam\AppData\Local\{6D015249-73C2-4230-AF10-4F7160FB7B32}

2014-03-07 08:13:49 -------- d-----w- C:\Users\Adam\AppData\Local\{A9C02815-5E4F-45C9-9EBA-0211D7615A26}

2014-03-05 11:36:57 -------- d-----w- C:\Users\Adam\AppData\Local\{91BEE2D5-BA5A-4B90-97A1-7192AAECEA93}

.

==================== Find3M  ====================

.

2014-03-11 18:41:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-11 18:41:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll

.

============= FINISH:  8:30:18.85 ===============

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Adam [Admin rights]

Mode : Scan -- Date : 04/05/2014 07:24:50

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Run : Seagull Drivers (ssdal_nc.exe startup [-]) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][sUSP PATH] PeriodicScanRetry : %windir%\ehome\MCUpdate.exe - -pscn 0 [7][-] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 147014bd3e47d158a58bc96a08ecb2d8

[bSP] 51a753e33ed597db43c31621367c9b57 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 290807 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_04052014_072450.txt >>

Let's run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 14-04-06.01 - Adam 07/04/2014   8:07.3.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2807.1543 [GMT 1:00]

Running from: c:\users\Adam\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Adam\AppData\Local\Temp\_MEI34522\_ctypes.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\_elementtree.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\_hashlib.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\_multiprocessing.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\_socket.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\_ssl.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\pyexpat.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\pysqlite2._sqlite.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\python27.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\pythoncom27.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\PyWinTypes27.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\select.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\unicodedata.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32api.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32com.shell.shell.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32crypt.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32event.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32file.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32inet.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32pdh.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32pipe.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32process.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32profile.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32security.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\win32ts.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\windows._lib_cacheinvalidation.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._controls_.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._core_.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._gdi_.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._html2.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._misc_.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._windows_.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._wizard.pyd

c:\users\Adam\AppData\Local\Temp\_MEI34522\wxbase294u_net_vc90.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\wxbase294u_vc90.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_adv_vc90.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_core_vc90.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_html_vc90.dll

c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-03-07 to 2014-04-07  )))))))))))))))))))))))))))))))

.

.

2014-04-07 07:29 . 2014-04-07 07:29 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-04-07 07:29 . 2014-04-07 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-04 06:35 . 2014-03-17 10:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94E20C07-1B6E-467E-ADE1-B631A931EFC6}\mpengine.dll

2014-03-28 06:04 . 2014-03-28 06:04 -------- d-----w- c:\windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures

2014-03-27 05:27 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F36F74DF-C354-420A-8AA8-31E3C5AC54D2}\mpengine.dll

2014-03-26 10:12 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-25 09:18 . 2014-02-20 07:52 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32ED745E-C478-496D-B905-47E92C389217}\gapaengine.dll

2014-03-13 08:08 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-03-13 08:08 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll

2014-03-13 08:08 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2014-03-13 08:08 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-20 06:15 . 2011-04-30 14:39 90015360 ----a-w- c:\windows\system32\MRT.exe

2014-03-11 18:41 . 2013-02-28 15:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-11 18:41 . 2013-02-28 15:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-20 07:52 . 2011-05-20 18:07 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-01-18 17:09 . 2014-01-18 17:09 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2014-01-18 17:09 . 2014-01-18 17:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-01-18 17:09 . 2014-01-18 17:09 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2014-01-18 17:09 . 2014-01-18 17:09 235008 ----a-w- c:\windows\system32\elshyph.dll

2014-01-18 17:09 . 2014-01-18 17:09 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2014-01-18 17:09 . 2014-01-18 17:09 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2014-01-18 17:09 . 2014-01-18 17:09 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2014-01-18 17:09 . 2014-01-18 17:09 337408 ----a-w- c:\windows\SysWow64\html.iec

2014-01-18 17:09 . 2014-01-18 17:09 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2014-01-18 17:09 . 2014-01-18 17:09 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2014-01-18 17:09 . 2014-01-18 17:09 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2014-01-18 17:09 . 2014-01-18 17:09 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2014-01-18 17:09 . 2014-01-18 17:09 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2014-01-18 17:09 . 2014-01-18 17:09 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2014-01-18 17:09 . 2014-01-18 17:09 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2014-01-18 17:09 . 2014-01-18 17:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2014-01-18 17:09 . 2014-01-18 17:09 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2014-01-18 17:09 . 2014-01-18 17:09 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2014-01-18 17:09 . 2014-01-18 17:09 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2014-01-18 17:09 . 2014-01-18 17:09 942592 ----a-w- c:\windows\system32\jsIntl.dll

2014-01-18 17:09 . 2014-01-18 17:09 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2014-01-18 17:09 . 2014-01-18 17:09 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2014-01-18 17:09 . 2014-01-18 17:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-01-18 17:09 . 2014-01-18 17:09 48640 ----a-w- c:\windows\system32\mshtmler.dll

2014-01-18 17:09 . 2014-01-18 17:09 247808 ----a-w- c:\windows\system32\msls31.dll

2014-01-18 17:09 . 2014-01-18 17:09 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2014-01-18 17:09 . 2014-01-18 17:09 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2014-01-18 17:09 . 2014-01-18 17:09 105984 ----a-w- c:\windows\system32\iesysprep.dll

2014-01-18 17:09 . 2014-01-18 17:09 81408 ----a-w- c:\windows\system32\icardie.dll

2014-01-18 17:09 . 2014-01-18 17:09 77312 ----a-w- c:\windows\system32\tdc.ocx

2014-01-18 17:09 . 2014-01-18 17:09 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2014-01-18 17:09 . 2014-01-18 17:09 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2014-01-18 17:09 . 2014-01-18 17:09 413696 ----a-w- c:\windows\system32\html.iec

2014-01-18 17:09 . 2014-01-18 17:09 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2014-01-18 17:09 . 2014-01-18 17:09 30208 ----a-w- c:\windows\system32\licmgr10.dll

2014-01-18 17:09 . 2014-01-18 17:09 296960 ----a-w- c:\windows\system32\dxtrans.dll

2014-01-18 17:09 . 2014-01-18 17:09 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2014-01-18 17:09 . 2014-01-18 17:09 243200 ----a-w- c:\windows\system32\webcheck.dll

2014-01-18 17:09 . 2014-01-18 17:09 235520 ----a-w- c:\windows\system32\url.dll

2014-01-18 17:09 . 2014-01-18 17:09 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2014-01-18 17:09 . 2014-01-18 17:09 101376 ----a-w- c:\windows\system32\inseng.dll

2014-01-18 17:09 . 2014-01-18 17:09 84992 ----a-w- c:\windows\system32\mshtmled.dll

2014-01-18 17:09 . 2014-01-18 17:09 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2014-01-18 17:09 . 2014-01-18 17:09 774144 ----a-w- c:\windows\system32\jscript.dll

2014-01-18 17:09 . 2014-01-18 17:09 62464 ----a-w- c:\windows\system32\pngfilt.dll

2014-01-18 17:09 . 2014-01-18 17:09 48128 ----a-w- c:\windows\system32\imgutil.dll

2014-01-18 17:09 . 2014-01-18 17:09 167424 ----a-w- c:\windows\system32\iexpress.exe

2014-01-18 17:09 . 2014-01-18 17:09 147968 ----a-w- c:\windows\system32\occache.dll

2014-01-18 17:09 . 2014-01-18 17:09 143872 ----a-w- c:\windows\system32\wextract.exe

2014-01-18 17:09 . 2014-01-18 17:09 13824 ----a-w- c:\windows\system32\mshta.exe

2014-01-18 17:09 . 2014-01-18 17:09 135680 ----a-w- c:\windows\system32\iepeers.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mobile Partner"="c:\program files (x86)\3MobileWiFi\3MobileWiFi" [X]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-21 39408]

"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

"Cookienator"="c:\program files (x86)\Cookienator\cookienator.exe" [2009-10-19 1333472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 18:41]

.

2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job

- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

2014-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job

- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Seagull Drivers"="ssdal_nc.exe startup" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-05 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-87099613.sys

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\windows\system32\hasplms.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2014-04-07  08:45:58 - machine was rebooted

ComboFix-quarantined-files.txt  2014-04-07 07:45

.

Pre-Run: 174,227,701,760 bytes free

Post-Run: 175,328,190,464 bytes free

.

- - End Of File - - 6BEE3198B4FABA9DBA7DC71A41BB90B8

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last.........

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


AdwCleaner v3.023 - Report created 07/04/2014 at 14:22:54

# Updated 01/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Adam - ADAM-PC

# Running from : C:\Users\Adam\Downloads\AdwCleaner (3).exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16521

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2666 octets] - [22/01/2014 23:42:57]

AdwCleaner[R1].txt - [672 octets] - [07/04/2014 14:22:54]

AdwCleaner[s0].txt - [2690 octets] - [22/01/2014 23:46:35]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [791 octets] ##########

# AdwCleaner v3.023 - Report created 07/04/2014 at 14:35:14

# Updated 01/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Adam - ADAM-PC

# Running from : C:\Users\Adam\Downloads\AdwCleaner (3).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16521

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2666 octets] - [22/01/2014 23:42:57]

AdwCleaner[R1].txt - [870 octets] - [07/04/2014 14:22:54]

AdwCleaner[s0].txt - [2690 octets] - [22/01/2014 23:46:35]

AdwCleaner[s1].txt - [792 octets] - [07/04/2014 14:35:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [851 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.04.07.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16521

Adam :: ADAM-PC [administrator]

 

07/04/2014 14:49:25

mbam-log-2014-04-07 (14-49-25).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239558

Time elapsed: 2 hour(s), 6 minute(s), 5 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Adam (administrator) on ADAM-PC on 07-04-2014 17:01:44

Running from C:\Users\Adam\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(SafeNet Inc.) C:\Windows\system32\hasplms.exe

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Windows\PLFSetI.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Dropbox, Inc.) C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

() C:\Windows\Samsung\PanelMgr\SSMMgr.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

() C:\Windows\Samsung\PanelMgr\caller64.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe

(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-07-05] ()

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [seagull Drivers] - ssdal_nc.exe startup

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)

HKLM-x32\...\Run: [suiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)

HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)

HKLM-x32\...\Run: [samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)

HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-21] (Google Inc.)

HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)

HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)

HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [Mobile Partner] - C:\Program Files (x86)\3MobileWiFi\3MobileWiFi

HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [Cookienator] - C:\Program Files (x86)\Cookienator\cookienator.exe [1333472 2009-10-19] (CodeFromThe70s.org)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

 

==================== Internet (Whitelisted) ====================

 


HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB428

SearchScopes: HKCU - {BF707BAC-59CC-4AC6-84E0-BB5FEA9E3F71} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=9F189D84-95FA-4D34-B993-96F5C3ECA23E&apn_sauid=5B6D90A1-4617-44A2-9773-B3BC389564CE

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

Chrome: 

=======


CHR DefaultSearchKeyword: google.co.uk

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09]

CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]

CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]

CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-01-23]

CHR Extension: (Freemake Video Converter) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-01-13]

CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]

CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Adam\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-07]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-05-07]

CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-01-13]

CHR StartMenuInternet: Google Chrome - C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-11] (Freemake)

R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)

S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-07 17:01 - 2014-04-07 17:02 - 00017856 _____ () C:\Users\Adam\Downloads\FRST.txt

2014-04-07 16:57 - 2014-04-07 17:01 - 00000000 ____D () C:\FRST

2014-04-07 16:57 - 2014-04-07 16:57 - 02157056 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe

2014-04-07 14:21 - 2014-04-07 14:21 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (3).exe

2014-04-07 14:19 - 2014-04-07 14:19 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (2).exe

2014-04-07 13:19 - 2014-04-07 13:20 - 99173681 _____ () C:\Users\Adam\Downloads\Roomsets.zip

2014-04-07 09:57 - 2014-04-07 09:59 - 00000000 ____D () C:\Users\Adam\Desktop\amanda ward thomas

2014-04-07 09:45 - 2014-04-07 09:45 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9A6EE725-126F-4974-BD36-FDBE9B6FF8E8}

2014-04-07 08:46 - 2014-04-07 08:46 - 00030031 _____ () C:\ComboFix.txt

2014-04-07 08:04 - 2014-04-07 08:46 - 00000000 ____D () C:\Qoobox

2014-04-07 08:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-07 08:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-07 08:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-07 08:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-07 08:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-07 08:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-07 08:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-07 08:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-07 08:01 - 2014-04-07 08:02 - 05195663 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe

2014-04-07 07:46 - 2014-04-07 07:46 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Adam\Downloads\tdsskiller.exe

2014-04-05 16:07 - 2014-04-05 16:07 - 00262144 ____N () C:\Windows\Minidump\040514-25100-01.dmp

2014-04-05 07:24 - 2014-04-05 07:24 - 00002068 _____ () C:\Users\Adam\Desktop\RKreport[0]_S_04052014_072450.txt

2014-04-05 07:17 - 2014-04-05 07:17 - 00012232 _____ () C:\Users\Adam\Desktop\steven complain letter.odt

2014-04-05 07:11 - 2014-04-05 07:24 - 00000000 ____D () C:\Users\Adam\Desktop\RK_Quarantine

2014-04-05 07:11 - 2014-04-05 07:11 - 04527616 _____ () C:\Users\Adam\Downloads\RogueKillerX64 (2).exe

2014-04-04 19:03 - 2014-04-04 19:03 - 00262144 ____N () C:\Windows\Minidump\040414-26301-01.dmp

2014-04-04 08:30 - 2014-04-04 08:30 - 00025055 _____ () C:\Users\Adam\Desktop\dds.txt

2014-04-04 08:30 - 2014-04-04 08:30 - 00011058 _____ () C:\Users\Adam\Desktop\attach.txt

2014-04-04 08:28 - 2014-04-04 08:28 - 00688992 _____ (Swearware) C:\Users\Adam\Downloads\dds.com

2014-04-04 08:26 - 2014-04-04 08:27 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds.scr

2014-04-03 22:48 - 2014-04-03 22:49 - 00000000 ____D () C:\Users\Adam\AppData\Local\{028343D6-85B4-4FAA-9879-C6555C19D89C}

2014-04-03 10:46 - 2014-04-03 10:47 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5D13CE0-8239-4FEC-ABF0-0DCDDBA5FB40}

2014-04-02 21:58 - 2014-04-02 21:58 - 00000000 ____D () C:\Users\Adam\Desktop\New folder (2)

2014-04-02 20:56 - 2014-04-02 20:56 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12 (2).tif

2014-04-02 20:23 - 2014-04-02 20:23 - 01105152 _____ () C:\Users\Adam\Downloads\MODE Kit 6.tif

2014-04-02 20:22 - 2014-04-02 20:22 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12.TIF

2014-04-02 20:19 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F76335AD-9C4E-4A5C-BBAF-F51686525EF1}

2014-04-02 09:18 - 2014-04-02 22:20 - 00019252 _____ () C:\Users\Adam\Desktop\website core products.ods

2014-04-02 08:56 - 2014-04-02 08:56 - 01295592 _____ () C:\Users\Adam\Downloads\BWFLSBSM - FALL Free Standing BSM.tiff

2014-04-02 08:55 - 2014-04-02 20:24 - 00000000 ____D () C:\Users\Adam\Desktop\the missing photos

2014-04-02 08:18 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3C136F17-7097-47C0-A5AC-33B31754D5DC}

2014-04-02 08:15 - 2014-04-02 08:15 - 02146740 _____ () C:\Users\Adam\Downloads\BWFL3HBM FALL 3H BM.tif

2014-04-01 20:35 - 2014-04-01 20:35 - 00019262 _____ () C:\Users\Adam\Desktop\web site descriptions in the bathroom.ods

2014-04-01 20:18 - 2014-04-01 20:18 - 00000000 ____D () C:\Users\Adam\AppData\Local\{83519622-FBD5-4A94-86C5-295E718E5CBE}

2014-04-01 19:16 - 2014-04-01 19:18 - 233333200 _____ () C:\Users\Adam\Downloads\Inaqua Brassware.zip

2014-04-01 14:11 - 2014-04-01 14:14 - 510053886 _____ () C:\Users\Adam\Downloads\Inaqua Shower Kits.zip

2014-03-31 23:40 - 2014-03-31 23:40 - 00018748 _____ () C:\Users\Adam\Desktop\web site descriptions in teh bathroom.ods

2014-03-31 20:06 - 2014-03-31 20:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{BABBCC2F-473A-4663-AC31-647327A4BDE9}

2014-03-31 19:52 - 2014-03-31 19:52 - 00000000 ____D () C:\Users\Adam\Desktop\New folder

2014-03-31 08:29 - 2014-03-31 19:58 - 00000000 ____D () C:\Users\Adam\Desktop\photos for ebay

2014-03-31 08:06 - 2014-03-31 08:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{D8833EE2-EE75-483F-B539-BC506008AD31}

2014-03-30 18:36 - 2014-03-30 18:36 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5A9BE8D-49CD-40DB-B5DB-98140D703F91}

2014-03-30 17:11 - 2014-03-30 17:11 - 00262144 ____N () C:\Windows\Minidump\033014-25256-01.dmp

2014-03-30 06:15 - 2014-03-30 06:15 - 00000000 ____D () C:\Users\Adam\AppData\Local\{AA63A39A-044F-4761-B7A9-758903434CAF}

2014-03-29 18:00 - 2014-03-29 18:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\{687008CC-EE43-4D84-9B21-EF70B69AF5CA}

2014-03-29 06:56 - 2014-03-29 06:56 - 00000359 _____ () C:\Users\Adam\Desktop\Recycle Bin - Shortcut.lnk

2014-03-29 06:44 - 2014-03-29 06:44 - 00985600 _____ () C:\Users\Adam\Downloads\MicrosoftFixit50123.msi

2014-03-28 19:50 - 2014-03-28 19:50 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7C1886E0-7D2C-4287-9D8E-7B08602B8103}

2014-03-28 07:28 - 2014-03-28 07:29 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3314F94B-900D-41BB-8605-611CA27727E9}

2014-03-28 07:04 - 2014-03-28 07:04 - 00000000 ____D () C:\Windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures

2014-03-27 19:28 - 2014-03-27 19:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{CA110284-A9EC-48E3-8F24-6BDEABEE3996}

2014-03-27 14:06 - 2014-03-27 14:06 - 00010977 _____ () C:\Users\Adam\Desktop\website links.odt

2014-03-27 07:28 - 2014-03-27 07:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A0EC3CB1-92E4-4404-A84D-EF11CEB92B15}

2014-03-26 19:01 - 2014-03-26 19:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6148E818-AFC7-44C1-9C6E-2B5194B3C48D}

2014-03-26 09:12 - 2014-03-26 09:13 - 00114176 _____ () C:\Users\Adam\Desktop\no discount in the bathroom.xls

2014-03-26 06:58 - 2014-03-26 06:58 - 00000000 ____D () C:\Users\Adam\AppData\Local\{227A5C99-4AD1-4420-BCE7-EEA0A87543F5}

2014-03-25 13:29 - 2014-03-25 13:29 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C8B663A5-A6C7-473E-9B07-672D563FB44D}

2014-03-24 22:47 - 2014-03-24 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{4FEE1CCE-23B7-483E-9C87-34EE08D60946}

2014-03-24 11:21 - 2014-03-24 11:21 - 00000000 ____D () C:\Users\Adam\AppData\Local\{04DAC2C2-FCB1-44FA-B05B-806635B10269}

2014-03-23 22:48 - 2014-03-23 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{020EA083-AA8C-4136-8C55-98A4B203A46E}

2014-03-23 10:47 - 2014-03-23 10:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{8BB9C313-945F-41A3-942A-F165764E5A27}

2014-03-22 21:13 - 2014-03-22 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{FF1AB0B0-23F8-4861-B4FD-A47DF4918BBE}

2014-03-22 09:12 - 2014-03-22 09:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{769B5502-F5FA-44E6-9308-569ABCFF6F31}

2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5F7EB489-70F2-431B-86EC-ADA0B0787F08}

2014-03-21 16:18 - 2014-03-21 16:18 - 00262144 ____N () C:\Windows\Minidump\032114-23056-01.dmp

2014-03-21 08:16 - 2014-03-21 08:16 - 00000000 ____D () C:\Users\Adam\AppData\Local\{499462BF-4E29-4A80-9BCF-99A6DC8327D7}

2014-03-20 15:38 - 2014-03-20 15:38 - 00000000 ____D () C:\Users\Adam\AppData\Local\{51641B17-3F28-4CAF-A4C2-ED3CE1BA09E8}

2014-03-20 00:42 - 2014-03-20 00:42 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9C4926CD-AA68-415B-9DAB-E0FCBBFA55E7}

2014-03-20 00:11 - 2014-03-20 00:11 - 00090129 _____ () C:\Users\Adam\Desktop\2nd.csv

2014-03-20 00:08 - 2014-03-20 00:09 - 00128141 _____ () C:\Users\Adam\Desktop\first atte.csv

2014-03-19 12:41 - 2014-03-19 12:42 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F68CE423-0868-4877-A185-34C26B992734}

2014-03-19 00:41 - 2014-03-19 00:41 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5BD95F33-A926-4F76-BE5C-5F0506A149CD}

2014-03-18 12:32 - 2014-03-18 12:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{16F8E324-BC66-4A25-8C37-DC9E161B4987}

2014-03-18 00:32 - 2014-03-18 00:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2AB2579A-F85A-4CF9-AFE0-5E372FFEC502}

2014-03-17 12:31 - 2014-03-17 12:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2EE820F6-C6C3-4653-82A5-CC7ACD64DB53}

2014-03-17 00:03 - 2014-03-17 00:03 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C552C9CC-D7A3-472A-AE1A-D10AE81D2C88}

2014-03-16 16:57 - 2014-03-16 16:57 - 00262144 ____N () C:\Windows\Minidump\031614-44460-01.dmp

2014-03-16 12:02 - 2014-03-16 12:02 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7A859F32-1706-4236-A197-963CD381001C}

2014-03-15 22:48 - 2014-03-15 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2F2A5F00-D6C4-46AB-8D89-79D5DA24C086}

2014-03-15 21:03 - 2014-03-15 21:03 - 00012993 _____ () C:\Users\Adam\Desktop\Untitled 3.odt

2014-03-15 18:40 - 2014-03-15 18:40 - 00262144 ____N () C:\Windows\Minidump\031514-37487-01.dmp

2014-03-15 08:11 - 2014-03-15 08:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E2E5445-F0CA-4288-81BA-95AF96B954F4}

2014-03-14 21:13 - 2014-03-29 06:57 - 00000000 ____D () C:\Users\Adam\Desktop\siamp

2014-03-14 18:51 - 2014-03-14 18:52 - 00000000 ____D () C:\Users\Adam\AppData\Local\{1595BB50-06B1-4524-B4F7-6B76006CA688}

2014-03-14 06:51 - 2014-03-14 06:51 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79B9E50D-A347-4F33-895B-775801828B38}

2014-03-13 18:50 - 2014-03-13 18:50 - 00262144 ____N () C:\Windows\Minidump\031314-36005-01.dmp

2014-03-13 18:47 - 2014-03-13 18:47 - 00262144 ____N () C:\Windows\Minidump\031314-36722-01.dmp

2014-03-13 13:35 - 2014-03-13 13:36 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79C0CC25-AD58-4C58-A293-73A04F69D9F6}

2014-03-13 09:09 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-13 09:09 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-13 09:09 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-13 09:09 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-13 09:09 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-13 09:09 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-13 09:09 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-13 09:09 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-13 09:09 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-13 09:09 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-13 09:09 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-13 09:09 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-13 09:09 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-13 09:09 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-13 09:09 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-13 09:09 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-13 09:09 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-13 09:09 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-13 09:09 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-13 09:09 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-13 09:09 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-13 09:09 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-13 09:09 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-13 09:09 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-13 09:09 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-13 09:09 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-13 09:09 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-13 09:09 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-13 09:09 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-13 09:09 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-13 09:09 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-13 09:09 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-13 09:09 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-13 09:09 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-13 09:09 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-13 09:09 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-13 09:09 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-13 09:09 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-13 09:09 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-13 09:09 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-13 09:09 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-13 09:09 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-13 09:09 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-13 09:09 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-13 09:08 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-13 09:08 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-13 09:08 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-13 09:08 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-13 00:26 - 2014-03-13 00:26 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E0D68A73-8CAD-4DBB-B854-362A6F463173}

2014-03-12 12:27 - 2014-03-12 12:27 - 00000000 ____D () C:\Users\Adam\AppData\Local\{31D55E0A-622A-472A-976A-FCBB365DF65D}

2014-03-11 22:22 - 2014-03-11 22:22 - 00017366 _____ () C:\Users\Adam\Desktop\mx customers.odt

2014-03-11 21:14 - 2014-03-11 21:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E785D8CE-9E9C-4AE3-9CCD-E0C7CC4B77AE}

2014-03-11 09:13 - 2014-03-11 09:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E612855-F020-460F-AA1A-6EC5E062AC0D}

2014-03-10 21:13 - 2014-03-10 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{B64B95ED-4240-4839-B7ED-E302515AC811}

2014-03-10 09:12 - 2014-03-10 09:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6D015249-73C2-4230-AF10-4F7160FB7B32}

2014-03-09 16:57 - 2014-03-09 16:57 - 00262144 ____N () C:\Windows\Minidump\030914-21980-01.dmp

2014-03-08 13:54 - 2014-03-08 13:54 - 10318304 _____ () C:\Users\Adam\Downloads\uMark.zip

==================== One Month Modified Files and Folders =======

2014-04-07 17:02 - 2014-04-07 17:01 - 00017856 _____ () C:\Users\Adam\Downloads\FRST.txt

2014-04-07 17:01 - 2014-04-07 16:57 - 00000000 ____D () C:\FRST

2014-04-07 16:57 - 2014-04-07 16:57 - 02157056 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe

2014-04-07 16:54 - 2013-02-28 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-07 16:54 - 2011-04-18 16:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job

2014-04-07 16:54 - 2011-04-18 16:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-07 16:54 - 2010-07-05 21:26 - 01240159 _____ () C:\Windows\WindowsUpdate.log

2014-04-07 14:48 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-07 14:48 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-07 14:42 - 2012-08-22 09:50 - 00000000 ___RD () C:\Users\Adam\Dropbox

2014-04-07 14:42 - 2012-08-22 09:46 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Dropbox

2014-04-07 14:40 - 2012-11-17 12:55 - 00000000 ___RD () C:\Users\Adam\Google Drive

2014-04-07 14:39 - 2014-02-18 08:02 - 00001972 _____ () C:\Windows\setupact.log

2014-04-07 14:39 - 2011-04-18 16:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-07 14:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-07 14:37 - 2014-01-22 23:40 - 00000000 ____D () C:\AdwCleaner

2014-04-07 14:21 - 2014-04-07 14:21 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (3).exe

2014-04-07 14:19 - 2014-04-07 14:19 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (2).exe

2014-04-07 13:20 - 2014-04-07 13:19 - 99173681 _____ () C:\Users\Adam\Downloads\Roomsets.zip

2014-04-07 11:39 - 2014-01-24 19:04 - 00000000 ____D () C:\Users\Adam\AppData\Local\CrashDumps

2014-04-07 10:36 - 2011-06-04 17:27 - 00000099 _____ () C:\Users\Public\LMDebug.log

2014-04-07 09:59 - 2014-04-07 09:57 - 00000000 ____D () C:\Users\Adam\Desktop\amanda ward thomas

2014-04-07 09:45 - 2014-04-07 09:45 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9A6EE725-126F-4974-BD36-FDBE9B6FF8E8}

2014-04-07 09:33 - 2014-01-29 12:50 - 00020992 _____ () C:\Users\Adam\Desktop\elements trade.xls

2014-04-07 08:46 - 2014-04-07 08:46 - 00030031 _____ () C:\ComboFix.txt

2014-04-07 08:46 - 2014-04-07 08:04 - 00000000 ____D () C:\Qoobox

2014-04-07 08:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-07 08:31 - 2014-02-27 09:07 - 00133236 _____ () C:\Windows\PFRO.log

2014-04-07 08:30 - 2012-12-30 22:31 - 00000000 ____D () C:\Windows\erdnt

2014-04-07 08:02 - 2014-04-07 08:01 - 05195663 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe

2014-04-07 07:58 - 2009-07-14 06:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-07 07:46 - 2014-04-07 07:46 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Adam\Downloads\tdsskiller.exe

2014-04-07 07:39 - 2011-04-18 15:57 - 00002148 _____ () C:\Windows\epplauncher.mif

2014-04-06 23:27 - 2013-02-03 21:10 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Skype

2014-04-06 21:49 - 2011-04-18 16:24 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job

2014-04-05 16:07 - 2014-04-05 16:07 - 00262144 ____N () C:\Windows\Minidump\040514-25100-01.dmp

2014-04-05 16:07 - 2011-08-01 20:03 - 00000000 ____D () C:\Windows\Minidump

2014-04-05 08:00 - 2012-12-15 00:23 - 00000000 ____D () C:\Users\Adam\Documents\HDCam Data

2014-04-05 07:24 - 2014-04-05 07:24 - 00002068 _____ () C:\Users\Adam\Desktop\RKreport[0]_S_04052014_072450.txt

2014-04-05 07:24 - 2014-04-05 07:11 - 00000000 ____D () C:\Users\Adam\Desktop\RK_Quarantine

2014-04-05 07:19 - 2011-05-03 18:52 - 00000000 ____D () C:\Users\Adam\AppData\Local\Paint.NET

2014-04-05 07:17 - 2014-04-05 07:17 - 00012232 _____ () C:\Users\Adam\Desktop\steven complain letter.odt

2014-04-05 07:17 - 2012-11-07 20:28 - 00000000 ____D () C:\Users\Adam\Desktop\taptaptap website

2014-04-05 07:16 - 2014-02-24 11:54 - 00015333 _____ () C:\Users\Adam\Desktop\spencer brassware.ods

2014-04-05 07:16 - 2014-02-22 10:46 - 00016967 _____ () C:\Users\Adam\Desktop\spencer the spinney 2.ods

2014-04-05 07:11 - 2014-04-05 07:11 - 04527616 _____ () C:\Users\Adam\Downloads\RogueKillerX64 (2).exe

2014-04-04 19:08 - 2013-01-06 13:25 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\avidemux

2014-04-04 19:05 - 2013-07-03 00:33 - 00000000 ____D () C:\Users\Adam\Desktop\other

2014-04-04 19:05 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-04-04 19:03 - 2014-04-04 19:03 - 00262144 ____N () C:\Windows\Minidump\040414-26301-01.dmp

2014-04-04 09:39 - 2011-08-11 14:14 - 00000000 ____D () C:\Users\Adam\Desktop\sinks

2014-04-04 08:46 - 2012-09-17 07:10 - 00000000 ____D () C:\Users\Adam\Desktop\customers

2014-04-04 08:30 - 2014-04-04 08:30 - 00025055 _____ () C:\Users\Adam\Desktop\dds.txt

2014-04-04 08:30 - 2014-04-04 08:30 - 00011058 _____ () C:\Users\Adam\Desktop\attach.txt

2014-04-04 08:28 - 2014-04-04 08:28 - 00688992 _____ (Swearware) C:\Users\Adam\Downloads\dds.com

2014-04-04 08:27 - 2014-04-04 08:26 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds.scr

2014-04-03 22:49 - 2014-04-03 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{028343D6-85B4-4FAA-9879-C6555C19D89C}

2014-04-03 10:47 - 2014-04-03 10:46 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5D13CE0-8239-4FEC-ABF0-0DCDDBA5FB40}

2014-04-02 22:58 - 2011-04-21 07:00 - 00000000 ____D () C:\Users\Adam\AppData\Local\Windows Live

2014-04-02 22:25 - 2011-04-29 12:05 - 00000000 ____D () C:\Users\Adam\Documents\durab T&H

2014-04-02 22:20 - 2014-04-02 09:18 - 00019252 _____ () C:\Users\Adam\Desktop\website core products.ods

2014-04-02 21:58 - 2014-04-02 21:58 - 00000000 ____D () C:\Users\Adam\Desktop\New folder (2)

2014-04-02 20:56 - 2014-04-02 20:56 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12 (2).tif

2014-04-02 20:24 - 2014-04-02 08:55 - 00000000 ____D () C:\Users\Adam\Desktop\the missing photos

2014-04-02 20:23 - 2014-04-02 20:23 - 01105152 _____ () C:\Users\Adam\Downloads\MODE Kit 6.tif

2014-04-02 20:22 - 2014-04-02 20:22 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12.TIF

2014-04-02 20:19 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F76335AD-9C4E-4A5C-BBAF-F51686525EF1}

2014-04-02 08:56 - 2014-04-02 08:56 - 01295592 _____ () C:\Users\Adam\Downloads\BWFLSBSM - FALL Free Standing BSM.tiff

2014-04-02 08:19 - 2014-04-02 08:18 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3C136F17-7097-47C0-A5AC-33B31754D5DC}

2014-04-02 08:15 - 2014-04-02 08:15 - 02146740 _____ () C:\Users\Adam\Downloads\BWFL3HBM FALL 3H BM.tif

2014-04-01 20:35 - 2014-04-01 20:35 - 00019262 _____ () C:\Users\Adam\Desktop\web site descriptions in the bathroom.ods

2014-04-01 20:18 - 2014-04-01 20:18 - 00000000 ____D () C:\Users\Adam\AppData\Local\{83519622-FBD5-4A94-86C5-295E718E5CBE}

2014-04-01 19:18 - 2014-04-01 19:16 - 233333200 _____ () C:\Users\Adam\Downloads\Inaqua Brassware.zip

2014-04-01 14:14 - 2014-04-01 14:11 - 510053886 _____ () C:\Users\Adam\Downloads\Inaqua Shower Kits.zip

2014-04-01 09:33 - 2011-04-18 15:54 - 00000000 ____D () C:\Users\Adam\AppData\Local\Google

2014-03-31 23:40 - 2014-03-31 23:40 - 00018748 _____ () C:\Users\Adam\Desktop\web site descriptions in teh bathroom.ods

2014-03-31 20:06 - 2014-03-31 20:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{BABBCC2F-473A-4663-AC31-647327A4BDE9}

2014-03-31 19:58 - 2014-03-31 08:29 - 00000000 ____D () C:\Users\Adam\Desktop\photos for ebay

2014-03-31 19:52 - 2014-03-31 19:52 - 00000000 ____D () C:\Users\Adam\Desktop\New folder

2014-03-31 19:51 - 2013-01-15 20:07 - 00000000 ____D () C:\Users\Adam\Desktop\2013 taps

2014-03-31 08:06 - 2014-03-31 08:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{D8833EE2-EE75-483F-B539-BC506008AD31}

2014-03-30 18:36 - 2014-03-30 18:36 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5A9BE8D-49CD-40DB-B5DB-98140D703F91}

2014-03-30 17:11 - 2014-03-30 17:11 - 00262144 ____N () C:\Windows\Minidump\033014-25256-01.dmp

2014-03-30 06:15 - 2014-03-30 06:15 - 00000000 ____D () C:\Users\Adam\AppData\Local\{AA63A39A-044F-4761-B7A9-758903434CAF}

2014-03-29 18:01 - 2014-03-29 18:00 - 00000000 ____D () C:\Users\Adam\AppData\Local\{687008CC-EE43-4D84-9B21-EF70B69AF5CA}

2014-03-29 06:57 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\Adam\Desktop\siamp

2014-03-29 06:56 - 2014-03-29 06:56 - 00000359 _____ () C:\Users\Adam\Desktop\Recycle Bin - Shortcut.lnk

2014-03-29 06:44 - 2014-03-29 06:44 - 00985600 _____ () C:\Users\Adam\Downloads\MicrosoftFixit50123.msi

2014-03-28 19:50 - 2014-03-28 19:50 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7C1886E0-7D2C-4287-9D8E-7B08602B8103}

2014-03-28 07:29 - 2014-03-28 07:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3314F94B-900D-41BB-8605-611CA27727E9}

2014-03-28 07:06 - 2012-05-02 07:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-03-28 07:06 - 2011-04-18 15:57 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-03-28 07:04 - 2014-03-28 07:04 - 00000000 ____D () C:\Windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures

2014-03-27 19:28 - 2014-03-27 19:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{CA110284-A9EC-48E3-8F24-6BDEABEE3996}

2014-03-27 14:06 - 2014-03-27 14:06 - 00010977 _____ () C:\Users\Adam\Desktop\website links.odt

2014-03-27 07:28 - 2014-03-27 07:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A0EC3CB1-92E4-4404-A84D-EF11CEB92B15}

2014-03-26 22:44 - 2011-04-18 16:24 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA

2014-03-26 22:44 - 2011-04-18 16:24 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core

2014-03-26 19:01 - 2014-03-26 19:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6148E818-AFC7-44C1-9C6E-2B5194B3C48D}

2014-03-26 09:13 - 2014-03-26 09:12 - 00114176 _____ () C:\Users\Adam\Desktop\no discount in the bathroom.xls

2014-03-26 06:58 - 2014-03-26 06:58 - 00000000 ____D () C:\Users\Adam\AppData\Local\{227A5C99-4AD1-4420-BCE7-EEA0A87543F5}

2014-03-25 13:29 - 2014-03-25 13:29 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C8B663A5-A6C7-473E-9B07-672D563FB44D}

2014-03-24 22:48 - 2014-03-24 22:47 - 00000000 ____D () C:\Users\Adam\AppData\Local\{4FEE1CCE-23B7-483E-9C87-34EE08D60946}

2014-03-24 11:21 - 2014-03-24 11:21 - 00000000 ____D () C:\Users\Adam\AppData\Local\{04DAC2C2-FCB1-44FA-B05B-806635B10269}

2014-03-23 22:48 - 2014-03-23 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{020EA083-AA8C-4136-8C55-98A4B203A46E}

2014-03-23 17:14 - 2013-03-21 11:33 - 00000000 ____D () C:\Users\Adam\Desktop\storage horders

2014-03-23 17:14 - 2011-10-31 22:50 - 00000000 ____D () C:\Users\Adam\Desktop\store items

2014-03-23 10:48 - 2014-03-23 10:47 - 00000000 ____D () C:\Users\Adam\AppData\Local\{8BB9C313-945F-41A3-942A-F165764E5A27}

2014-03-22 21:13 - 2014-03-22 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{FF1AB0B0-23F8-4861-B4FD-A47DF4918BBE}

2014-03-22 09:13 - 2014-03-22 09:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{769B5502-F5FA-44E6-9308-569ABCFF6F31}

2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5F7EB489-70F2-431B-86EC-ADA0B0787F08}

2014-03-21 16:18 - 2014-03-21 16:18 - 00262144 ____N () C:\Windows\Minidump\032114-23056-01.dmp

2014-03-21 10:55 - 2011-04-18 17:40 - 00000000 ____D () C:\Users\Adam\Documents\Turbo Lister Backup

2014-03-21 08:16 - 2014-03-21 08:16 - 00000000 ____D () C:\Users\Adam\AppData\Local\{499462BF-4E29-4A80-9BCF-99A6DC8327D7}

2014-03-20 15:38 - 2014-03-20 15:38 - 00000000 ____D () C:\Users\Adam\AppData\Local\{51641B17-3F28-4CAF-A4C2-ED3CE1BA09E8}

2014-03-20 07:21 - 2013-08-02 11:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-20 07:17 - 2011-04-18 16:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-20 07:17 - 2011-04-18 16:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-20 07:15 - 2011-04-30 15:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-20 00:42 - 2014-03-20 00:42 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9C4926CD-AA68-415B-9DAB-E0FCBBFA55E7}

2014-03-20 00:11 - 2014-03-20 00:11 - 00090129 _____ () C:\Users\Adam\Desktop\2nd.csv

2014-03-20 00:09 - 2014-03-20 00:08 - 00128141 _____ () C:\Users\Adam\Desktop\first atte.csv

2014-03-19 12:42 - 2014-03-19 12:41 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F68CE423-0868-4877-A185-34C26B992734}

2014-03-19 00:41 - 2014-03-19 00:41 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5BD95F33-A926-4F76-BE5C-5F0506A149CD}

2014-03-18 12:32 - 2014-03-18 12:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{16F8E324-BC66-4A25-8C37-DC9E161B4987}

2014-03-18 00:32 - 2014-03-18 00:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2AB2579A-F85A-4CF9-AFE0-5E372FFEC502}

2014-03-17 12:32 - 2014-03-17 12:31 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2EE820F6-C6C3-4653-82A5-CC7ACD64DB53}

2014-03-17 00:03 - 2014-03-17 00:03 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C552C9CC-D7A3-472A-AE1A-D10AE81D2C88}

2014-03-16 16:57 - 2014-03-16 16:57 - 00262144 ____N () C:\Windows\Minidump\031614-44460-01.dmp

2014-03-16 12:02 - 2014-03-16 12:02 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7A859F32-1706-4236-A197-963CD381001C}

2014-03-15 22:48 - 2014-03-15 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2F2A5F00-D6C4-46AB-8D89-79D5DA24C086}

2014-03-15 21:03 - 2014-03-15 21:03 - 00012993 _____ () C:\Users\Adam\Desktop\Untitled 3.odt

2014-03-15 18:40 - 2014-03-15 18:40 - 00262144 ____N () C:\Windows\Minidump\031514-37487-01.dmp

2014-03-15 13:21 - 2011-04-18 16:24 - 00002362 _____ () C:\Users\Adam\Desktop\Google Chrome.lnk

2014-03-15 08:12 - 2014-03-15 08:11 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E2E5445-F0CA-4288-81BA-95AF96B954F4}

2014-03-14 18:52 - 2014-03-14 18:51 - 00000000 ____D () C:\Users\Adam\AppData\Local\{1595BB50-06B1-4524-B4F7-6B76006CA688}

2014-03-14 07:18 - 2009-07-14 05:45 - 00370408 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-14 07:16 - 2012-05-16 07:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-14 07:16 - 2012-05-16 07:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-14 06:51 - 2014-03-14 06:51 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79B9E50D-A347-4F33-895B-775801828B38}

2014-03-13 18:50 - 2014-03-13 18:50 - 00262144 ____N () C:\Windows\Minidump\031314-36005-01.dmp

2014-03-13 18:47 - 2014-03-13 18:47 - 00262144 ____N () C:\Windows\Minidump\031314-36722-01.dmp

2014-03-13 13:36 - 2014-03-13 13:35 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79C0CC25-AD58-4C58-A293-73A04F69D9F6}

2014-03-13 00:26 - 2014-03-13 00:26 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E0D68A73-8CAD-4DBB-B854-362A6F463173}

2014-03-12 12:27 - 2014-03-12 12:27 - 00000000 ____D () C:\Users\Adam\AppData\Local\{31D55E0A-622A-472A-976A-FCBB365DF65D}

2014-03-11 22:22 - 2014-03-11 22:22 - 00017366 _____ () C:\Users\Adam\Desktop\mx customers.odt

2014-03-11 21:14 - 2014-03-11 21:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E785D8CE-9E9C-4AE3-9CCD-E0C7CC4B77AE}

2014-03-11 19:41 - 2013-02-28 16:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-11 19:41 - 2013-02-28 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-11 19:41 - 2013-02-28 16:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-11 09:14 - 2014-03-11 09:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E612855-F020-460F-AA1A-6EC5E062AC0D}

2014-03-10 21:13 - 2014-03-10 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{B64B95ED-4240-4839-B7ED-E302515AC811}

2014-03-10 09:13 - 2014-03-10 09:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6D015249-73C2-4230-AF10-4F7160FB7B32}

2014-03-09 16:57 - 2014-03-09 16:57 - 00262144 ____N () C:\Windows\Minidump\030914-21980-01.dmp

2014-03-08 13:54 - 2014-03-08 13:54 - 10318304 _____ () C:\Users\Adam\Downloads\uMark.zip

 

Some content of TEMP:

====================

C:\Users\Adam\AppData\Local\Temp\Checkupdate.exe

C:\Users\Adam\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\Adam\AppData\Local\Temp\gcapi_dll.dll

C:\Users\Adam\AppData\Local\Temp\gtapi_signed.dll

C:\Users\Adam\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-30 22:21

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by Adam at 2014-04-07 17:03:12

Running from C:\Users\Adam\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

1912 Titanic Mystery (HKLM-x32\...\1912 Titanic Mystery) (Version:  - Spintop Media, Inc)

3MobileWiFi (HKLM-x32\...\3MobileWiFi) (Version: 1.11.00.156 - Huawei Technologies Co.,Ltd)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)

Acer Crystal Eye webcam Ver:1.1.167.331 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.167.331 - Chicony Electronics Co.,Ltd.)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)

Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0412.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)

ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)

ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)

ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)

ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.62 - ArcSoft)

Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )

Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden

Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)

BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)

Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)

CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Cookienator (HKLM-x32\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2719.50 - CyberLink Corp.)

CyberLink PowerDVD 9 (x32 Version: 9.0.2719.50 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)

Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)

Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.0.0.599 - Citrix Online, a division of Citrix Systems, Inc.)

Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)

Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.0.3.0 - Lightworks)

Maintenance Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)

MyWinLocker (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.210.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden

Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)

NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)

NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden

NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)

NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden

OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)

Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)

Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)

Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.14 - ZTE Corporation)

 

==================== Restore Points  =========================

 

28-03-2014 06:02:47 Windows Update

29-03-2014 05:21:45 Windows Update

29-03-2014 06:01:28 Installed Microsoft Fix it 50123

29-03-2014 06:04:29 Windows Update

01-04-2014 09:25:10 Windows Update

04-04-2014 06:23:52 Windows Update

05-04-2014 06:10:42 Windows Update

07-04-2014 06:38:04 Windows Update

07-04-2014 06:44:54 restore april 2014

 

==================== Hosts content: ==========================

 

2009-07-14 03:34 - 2014-04-07 08:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {13C92F29-9E42-41FC-AF69-1664CBE6D6B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.)

Task: {186E6D7A-A81A-4DB5-B394-55278F31FEF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {21B3C017-0CFA-4978-899F-65AE3D37C08D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)

Task: {477E1FF5-7E79-47A5-9463-FF8EFC17DD59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.)

Task: {5BB9703C-173E-4C73-B12C-0429663B1235} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.)

Task: {AD0E9238-29D7-4F80-A911-E48DDF256BB0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {EF2F294F-1740-490F-817A-EFE64FCCA558} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-18 12:13 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll

2008-06-04 06:53 - 2008-06-04 06:53 - 00027648 _____ () C:\Windows\System32\sst3cl6.dll

2010-03-10 06:15 - 2010-03-10 06:15 - 00757760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe

2010-07-05 21:34 - 2010-07-05 21:34 - 00206208 _____ () C:\Windows\PLFSetI.exe

2011-06-04 19:49 - 2010-06-07 11:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe

2011-06-04 19:49 - 2009-09-30 05:51 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe

2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2010-04-21 11:34 - 2009-12-24 01:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2011-11-14 12:02 - 2011-11-14 12:02 - 00063960 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll

2011-11-14 12:01 - 2011-11-14 12:01 - 07964160 _____ () C:\Program Files (x86)\MyTomTom 3\QtGui4.dll

2011-11-14 12:01 - 2011-11-14 12:01 - 02302464 _____ () C:\Program Files (x86)\MyTomTom 3\QtCore4.dll

2011-11-14 12:02 - 2011-11-14 12:02 - 00202712 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll

2011-11-14 12:01 - 2011-11-14 12:01 - 00980480 _____ () C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll

2011-11-14 12:01 - 2011-11-14 12:01 - 00357888 _____ () C:\Program Files (x86)\MyTomTom 3\QtXml4.dll

2011-11-14 12:01 - 2011-11-14 12:01 - 02648064 _____ () C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll

2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Adam\AppData\Roaming\Dropbox\bin\libcef.dll

2011-01-17 16:19 - 2011-04-18 16:35 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2010-11-19 18:45 - 2011-04-18 16:35 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

2010-04-21 12:17 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2014-04-07 14:39 - 2014-04-07 14:39 - 00098816 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32api.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00110080 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pywintypes27.dll

2014-04-07 14:39 - 2014-04-07 14:39 - 00364544 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pythoncom27.dll

2014-04-07 14:39 - 2014-04-07 14:39 - 00044032 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_socket.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 01157120 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_ssl.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00320512 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00712192 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_hashlib.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 01175040 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._core_.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00805888 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00811008 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._windows_.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 01062400 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._controls_.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00735232 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._misc_.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00128512 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_elementtree.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00127488 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pyexpat.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00557056 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00087040 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_ctypes.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00119808 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32file.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00108544 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32security.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00018432 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32event.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00038912 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32inet.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00122368 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._wizard.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00070656 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._html2.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00026624 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00010240 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\select.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00024064 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32pipe.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00686080 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\unicodedata.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00025600 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32pdh.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00525640 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00011264 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32crypt.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00035840 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32process.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00017408 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32profile.pyd

2014-04-07 14:39 - 2014-04-07 14:39 - 00022528 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32ts.pyd

2014-03-15 13:21 - 2014-03-15 01:50 - 00051016 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-03-15 13:21 - 2014-03-15 01:50 - 00716616 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll

2014-03-15 13:21 - 2014-03-15 01:50 - 00100168 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll

2014-03-15 13:21 - 2014-03-15 01:50 - 04061000 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-15 13:21 - 2014-03-15 01:50 - 00394568 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-15 13:21 - 2014-03-15 01:50 - 01647432 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0

AlternateDataStreams: C:\ProgramData\Temp:4B7317F4

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2

AlternateDataStreams: C:\ProgramData\Temp:5A99DEB7

AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F

AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD

AlternateDataStreams: C:\ProgramData\Temp:798A3728

AlternateDataStreams: C:\ProgramData\Temp:8075370B

AlternateDataStreams: C:\ProgramData\Temp:9195103F

AlternateDataStreams: C:\ProgramData\Temp:93DE1838

AlternateDataStreams: C:\ProgramData\Temp:93EB7685

AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE

AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/07/2014 02:22:01 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80004005

 

Error: (04/07/2014 01:28:48 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80004005

 

Error: (04/07/2014 11:39:37 AM) (Source: Application Error) (User: )

Description: Faulting application name: Foxit Reader Updater.exe, version: 6.1.2.1226, time stamp: 0x52ca6719

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000060

Faulting process id: 0xe9c

Faulting application start time: 0xFoxit Reader Updater.exe0

Faulting application path: Foxit Reader Updater.exe1

Faulting module path: Foxit Reader Updater.exe2

Report Id: Foxit Reader Updater.exe3

 

Error: (04/07/2014 10:55:55 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (04/07/2014 10:55:43 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (04/07/2014 07:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (04/07/2014 07:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (04/07/2014 07:39:37 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)

Description: HRESULT:0x80070643

Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

 

Error: (04/07/2014 07:39:36 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU

 

Error: (04/06/2014 08:02:00 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80004005

 

 

System errors:

=============

Error: (04/07/2014 05:00:22 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

Error: (04/07/2014 05:00:21 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

Error: (04/07/2014 04:54:11 PM) (Source: NetBT) (User: )

Description: The name "ADAM-PC        :20" could not be registered on the interface with IP address 192.168.1.100.

The computer with the IP address 192.168.1.66 did not allow the name to be claimed by

this computer.

 

Error: (04/07/2014 04:54:11 PM) (Source: NetBT) (User: )

Description: The name "ADAM-PC        :0" could not be registered on the interface with IP address 192.168.1.100.

The computer with the IP address 192.168.1.66 did not allow the name to be claimed by

this computer.

 

Error: (04/07/2014 04:54:10 PM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name.  The server could not start.

 

Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: )

Description: The driver detected a controller error on \Device\CdRom0.

 

 

Microsoft Office Sessions:

=========================

Error: (01/27/2014 10:45:45 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 250081 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (01/24/2014 01:17:04 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127296 seconds with 60 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-04-07 08:24:17.809

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-07 08:24:17.569

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-01-22 21:56:58.878

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-01-22 21:56:58.628

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-01-22 21:56:58.363

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-01-22 21:56:58.114

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-30 22:08:06.482

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-30 22:08:06.357

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 61%

Total physical RAM: 2806.71 MB

Available physical RAM: 1087.68 MB

Total Pagefile: 5611.61 MB

Available Pagefile: 3572.19 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:162.72 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 97FAD661)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then run the MSE repair tool:

http://www.thewindowsclub.com/repair-microsoft-security-essentials-with-fix-mse-utility

Let me know......MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Adam at 2014-04-07 19:08:19 Run:1

Running from C:\Users\Adam\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0

AlternateDataStreams: C:\ProgramData\Temp:4B7317F4

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2

AlternateDataStreams: C:\ProgramData\Temp:5A99DEB7

AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F

AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD

AlternateDataStreams: C:\ProgramData\Temp:798A3728

AlternateDataStreams: C:\ProgramData\Temp:8075370B

AlternateDataStreams: C:\ProgramData\Temp:9195103F

AlternateDataStreams: C:\ProgramData\Temp:93DE1838

AlternateDataStreams: C:\ProgramData\Temp:93EB7685

AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE

AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

*****************

 

C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.

C:\ProgramData\Temp => ":4B7317F4" ADS removed successfully.

C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.

C:\ProgramData\Temp => ":5A99DEB7" ADS removed successfully.

C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.

C:\ProgramData\Temp => ":6C5EC3CD" ADS removed successfully.

C:\ProgramData\Temp => ":798A3728" ADS removed successfully.

C:\ProgramData\Temp => ":8075370B" ADS removed successfully.

C:\ProgramData\Temp => ":9195103F" ADS removed successfully.

C:\ProgramData\Temp => ":93DE1838" ADS removed successfully.

C:\ProgramData\Temp => ":93EB7685" ADS removed successfully.

C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.

C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully.

C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.

 

==== End of Fixlog ====


Have you tried to re-install MSE?

If not.....Give it a try.

Here's a cleaner: after you uninstall it, run the cleaner, download and install a fresh version....see what happens.

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/ <<<<Tool

http://windows.microsoft.com/en-us/windows/security-essentials-download <<<<<MSE

MrC

This topic is now closed to further replies.