Flyclick.biz infection


Hi,

I have a computer infected with flyclick.biz. It keeps opening a Google Chrome-like window even though I don't have Chrome installed. My processor spikes a lot because of it. I've run Malwarebytes but it returns nothing. Below is my FRST.txt, and I have attached the Addition.txt file. I appreciate any assistance you can provide.

Thanks.

Linda

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by joeheff- (administrator) on JOEHEFF--PC on 24-08-2014 13:53:31
Running from C:\Users\joeheff-\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
( ) C:\Windows\System32\dlcccoms.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Tanuki Software, Ltd.) C:\ManageEngine\ServiceDesk\bin\wrapper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Sun Microsystems, Inc.) C:\ManageEngine\ServiceDesk\jre\bin\java.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Acer Corp.) C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
() C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSAgent.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\Program Files (x86)\Gateway\Gateway Touch Suite\MusicAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TouchPortal] => C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [4936192 2009-08-24] (Acer Corp.)
HKLM\...\Run: [TouchORB] => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [151368 2009-08-10] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8081952 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [ufSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1023416 2010-01-26] (Trend Micro Inc.)
HKLM\...\Run: [sonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1099648 2011-05-03] (SonicWALL Inc.)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [MusicGadget] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [TouchMemo] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadget] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [842504 2010-03-28] (Trend Micro Inc.)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [EPSON WorkForce 610 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [ReceiverRadio] => C:\Windows\system32\rundll32.exe "C:\Users\joeheff-\AppData\Local\ReceiverRadio\ReceiverRadio.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\MountPoints2: {f9991fca-e68e-11de-88b6-806e6f6e6963} - D:\setup.exe
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS363US363
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS363US363
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {1FA44E01-A60B-4449-BF97-66CDAA200433} https://clientconnect.securianadvisor.com/java/downloads/SOConfig6.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.ssgi.com/NELX.cab
DPF: HKLM-x32 {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} https://clientconnect.securianadvisor.com/java/downloads/SmartOfficeLink6.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\Extensions\staged-xpis [2010-03-21]
FF Extension: No Name - C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010-03-28]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
S3 GoToAssist Express Customer; C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_service.exe [161144 2010-01-28] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-06-29] () [File not signed]
R2 servicedesk; C:\ManageEngine\ServiceDesk\bin\wrapper.exe [511256 2014-08-07] (Tanuki Software, Ltd.)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [836504 2010-11-08] (Trend Micro Inc.)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [505216 2011-05-03] (SonicWALL Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-03-28] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [595960 2010-03-28] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-03-28] (Trend Micro Inc.)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-29] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [152344 2013-05-20] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-26] (SonicWALL Inc.)
R3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [179736 2013-05-08] (Magic Control Technology Corp.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2010-03-28] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-03-28] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2010-03-28] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:53 - 2014-08-24 13:55 - 00027542 _____ () C:\Users\joeheff-\Desktop\FRST.txt
2014-08-24 13:53 - 2014-08-24 13:54 - 00000000 ____D () C:\FRST
2014-08-24 13:37 - 2014-08-24 13:37 - 02103296 _____ (Farbar) C:\Users\joeheff-\Desktop\FRST64.exe
2014-08-24 13:35 - 2014-08-24 13:35 - 01034928 _____ (Microsoft Corporation) C:\Users\joeheff-\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-08-24 13:08 - 2014-08-24 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-24 13:05 - 2014-08-24 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-24 13:02 - 2014-08-24 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Windows\pss
2014-08-22 22:27 - 2014-08-24 13:40 - 00000133 _____ () C:\Windows\TMFilter.log
2014-08-21 22:37 - 2014-08-24 13:49 - 00000504 _____ () C:\Windows\setupact.log
2014-08-21 22:37 - 2014-08-24 13:40 - 00084212 _____ () C:\Windows\PFRO.log
2014-08-21 22:37 - 2014-08-21 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 20:50 - 2014-08-24 13:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 16:27 - 2014-08-21 16:27 - 00001617 _____ () C:\Users\joeheff-\Desktop\ManageEngine ServiceDesk.lnk
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ManageEngine
2014-08-21 16:13 - 2014-08-21 16:14 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
2014-08-21 16:12 - 2014-08-21 16:18 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-08-21 15:40 - 2014-08-22 18:00 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-08-21 15:40 - 2014-08-21 15:40 - 00001360 _____ () C:\Users\joeheff-\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-08-21 15:40 - 2014-08-21 15:40 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\SparkTrust
2014-08-21 15:40 - 2014-08-21 15:40 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-08-21 15:40 - 2014-08-21 15:40 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\DriverCure
2014-08-21 15:39 - 2014-08-21 15:40 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-08-21 15:39 - 2014-08-21 15:39 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-21 11:16 - 2014-08-21 11:16 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\ReceiverRadio
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-20 10:22 - 2014-08-21 11:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 11:35 - 2014-08-19 12:22 - 00000000 ____D () C:\Elkhorn Partners
2014-08-19 10:26 - 2014-08-19 10:26 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Adobe
2014-07-29 21:57 - 2014-07-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-29 21:57 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-29 21:57 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-29 21:57 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-29 21:57 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-29 21:32 - 2014-07-29 21:32 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:56 - 2010-03-28 10:41 - 00000824 _____ () C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2014-08-24 13:56 - 2010-03-28 10:41 - 00000824 _____ () C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2014-08-24 13:55 - 2014-08-24 13:53 - 00027542 _____ () C:\Users\joeheff-\Desktop\FRST.txt
2014-08-24 13:55 - 2012-04-30 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 13:55 - 2009-12-11 14:57 - 01682603 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 13:54 - 2014-08-24 13:53 - 00000000 ____D () C:\FRST
2014-08-24 13:53 - 2014-08-21 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:49 - 2014-08-21 22:37 - 00000504 _____ () C:\Windows\setupact.log
2014-08-24 13:49 - 2013-10-21 21:18 - 00002804 _____ () C:\Windows\system32\GManager.ini
2014-08-24 13:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 13:40 - 2014-08-22 22:27 - 00000133 _____ () C:\Windows\TMFilter.log
2014-08-24 13:40 - 2014-08-21 22:37 - 00084212 _____ () C:\Windows\PFRO.log
2014-08-24 13:40 - 2009-07-13 23:45 - 00466384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 13:37 - 2014-08-24 13:37 - 02103296 _____ (Farbar) C:\Users\joeheff-\Desktop\FRST64.exe
2014-08-24 13:36 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:36 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:35 - 2014-08-24 13:35 - 01034928 _____ (Microsoft Corporation) C:\Users\joeheff-\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-08-24 13:31 - 2010-01-19 13:36 - 00121088 _____ () C:\Users\joeheff-\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-24 13:11 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-24 13:08 - 2014-08-24 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-24 13:08 - 2009-09-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-24 13:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-24 13:02 - 2014-08-24 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Windows\pss
2014-08-24 12:23 - 2009-09-11 21:13 - 00000000 ____D () C:\ProgramData\Symantec
2014-08-22 18:00 - 2014-08-21 15:40 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-08-22 09:04 - 2010-01-28 08:14 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Deployment
2014-08-21 22:57 - 2012-01-14 17:11 - 00002731 _____ () C:\Windows\wininit.ini
2014-08-21 22:49 - 2012-04-07 12:53 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Dropbox
2014-08-21 22:40 - 2012-04-07 13:01 - 00000000 ___RD () C:\Users\joeheff-\Dropbox
2014-08-21 22:37 - 2014-08-21 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 17:15 - 2009-09-11 21:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-21 17:05 - 2009-09-11 21:02 - 00000000 ____D () C:\Program Files\Google
2014-08-21 16:27 - 2014-08-21 16:27 - 00001617 _____ () C:\Users\joeheff-\Desktop\ManageEngine ServiceDesk.lnk
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ManageEngine
2014-08-21 16:27 - 2009-09-11 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 16:21 - 2010-01-19 13:38 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Google
2014-08-21 16:21 - 2009-09-11 21:02 - 00000000 ____D () C:\ProgramData\Google
2014-08-21 16:18 - 2014-08-21 16:12 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-08-21 16:14 - 2014-08-21 16:13 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
2014-08-21 16:13 - 2010-01-19 13:36 - 00000000 ____D () C:\Users\joeheff-
2014-08-21 16:08 - 2014-08-21 15:40 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
2014-08-21 16:08 - 2014-08-21 15:40 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-08-21 16:08 - 2014-08-21 15:40 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-08-21 16:07 - 2010-01-19 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 16:07 - 2009-12-11 15:29 - 00000000 ____D () C:\Users\Public\Documents\Screensaver
2014-08-21 16:07 - 2009-09-11 21:15 - 00000000 ___HD () C:\OEM
2014-08-21 16:07 - 2009-09-11 21:02 - 00000000 ____D () C:\ProgramData\Partner
2014-08-21 16:07 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-08-21 16:07 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-08-21 16:05 - 2011-10-03 09:25 - 00000000 ____D () C:\temp
2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-08-21 15:40 - 2014-08-21 15:40 - 00001360 _____ () C:\Users\joeheff-\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-08-21 15:40 - 2014-08-21 15:40 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\SparkTrust
2014-08-21 15:40 - 2014-08-21 15:40 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-08-21 15:40 - 2014-08-21 15:40 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\DriverCure
2014-08-21 15:40 - 2014-08-21 15:39 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-08-21 15:39 - 2014-08-21 15:39 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-21 11:18 - 2014-08-20 10:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-21 11:16 - 2014-08-21 11:16 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\ReceiverRadio
2014-08-21 10:36 - 2010-09-13 21:49 - 00000000 ____D () C:\Users\joeheff-\Documents\Kim
2014-08-19 12:22 - 2014-08-19 11:35 - 00000000 ____D () C:\Elkhorn Partners
2014-08-19 12:05 - 2009-07-14 00:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 10:26 - 2014-08-19 10:26 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Adobe
2014-08-18 10:21 - 2012-04-30 18:49 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 10:21 - 2012-04-30 18:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-18 10:21 - 2012-01-14 17:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 22:15 - 2010-01-19 20:08 - 00002090 ____H () C:\Users\joeheff-\Documents\Default.rdp
2014-07-29 21:58 - 2013-12-29 22:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-29 21:57 - 2014-07-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-29 21:57 - 2010-05-17 20:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 21:32 - 2014-07-29 21:32 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

Files to move or delete:
====================
C:\Users\joeheff-\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\joeheff-\AppData\Local\Temp\bpuninstall.exe
C:\Users\joeheff-\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmdjj5c.dll
C:\Users\joeheff-\AppData\Local\Temp\_is12A6.exe
C:\Users\joeheff-\AppData\Local\Temp\_isEF2F.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-06 20:03

==================== End Of Log ============================

Addition.txt


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Please do not attach logfiles. My work is much easier when they are copied and pasted directly into your posts as plaintext. I told you that in my welcome speech :)

If they won't fit in one post - use multiple ones, I don't mind it.

Thank you for your cooperation,

Naat :)


Naat,

Here are the log files.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by joeheff- on Sun 08/24/2014 at 21:39:24.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                    
========================================================================================
    ReceiverRadio    REG_SZ    C:\Windows\system32\rundll32.exe "C:\Users\joeheff-\AppData\Local\ReceiverRadio\ReceiverRadio.dll",DllRegisterServer

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\joeheff-\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\joeheff-\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\joeheff-\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
Successfully deleted: [Folder] "C:\Users\joeheff-\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust"
Successfully deleted: [Empty Folder] C:\Users\joeheff-\appdata\local\{381FCAEE-4AF5-4590-AD14-48C115A26023}
Successfully deleted: [Empty Folder] C:\Users\joeheff-\appdata\local\{A1D834FE-E701-4221-A640-E125F9102035}
Successfully deleted: [Empty Folder] C:\Users\joeheff-\appdata\local\{F599A2CD-5A70-484D-9C30-4271F8268765}
Successfully deleted: [Empty Folder] C:\Users\joeheff-\appdata\local\{FE8AAE4A-7D8E-48E6-93BA-D799A773B44D}

 

~~~ FireFox

Successfully deleted: [File] C:\Users\joeheff-\AppData\Roaming\mozilla\firefox\profiles\vlybr8z7.default\user.js

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/24/2014 at 21:50:54.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.308 - Report created 24/08/2014 at 22:07:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : joeheff- - JOEHEFF--PC
# Running from : C:\Users\joeheff-\Desktop\MalwareCleanup\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Headlight
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450

-\\ Mozilla Firefox v3.6.18 (en-US)

[ File : C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1663 octets] - [24/08/2014 22:01:26]
AdwCleaner[s0].txt - [1553 octets] - [24/08/2014 22:07:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1613 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by joeheff- (administrator) on JOEHEFF--PC on 24-08-2014 22:19:59
Running from C:\Users\joeheff-\Desktop\MalwareCleanup
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dlcccoms.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Tanuki Software, Ltd.) C:\ManageEngine\ServiceDesk\bin\wrapper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Sun Microsystems, Inc.) C:\ManageEngine\ServiceDesk\jre\bin\java.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Acer Corp.) C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
() C:\Program Files (x86)\Gateway\Gateway Touch Suite\MusicAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TouchPortal] => C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [4936192 2009-08-24] (Acer Corp.)
HKLM\...\Run: [TouchORB] => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [151368 2009-08-10] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8081952 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [ufSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1023416 2010-01-26] (Trend Micro Inc.)
HKLM\...\Run: [sonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1099648 2011-05-03] (SonicWALL Inc.)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [MusicGadget] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [TouchMemo] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadget] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [842504 2010-03-28] (Trend Micro Inc.)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [EPSON WorkForce 610 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [ReceiverRadio] => C:\Windows\system32\rundll32.exe "C:\Users\joeheff-\AppData\Local\ReceiverRadio\ReceiverRadio.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\MountPoints2: {f9991fca-e68e-11de-88b6-806e6f6e6963} - D:\setup.exe
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS363US363
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {1FA44E01-A60B-4449-BF97-66CDAA200433} https://clientconnect.securianadvisor.com/java/downloads/SOConfig6.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.ssgi.com/NELX.cab
DPF: HKLM-x32 {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} https://clientconnect.securianadvisor.com/java/downloads/SmartOfficeLink6.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\Extensions\staged-xpis [2010-03-21]
FF Extension: No Name - C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010-03-28]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
S3 GoToAssist Express Customer; C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_service.exe [161144 2010-01-28] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-06-29] () [File not signed]
R2 servicedesk; C:\ManageEngine\ServiceDesk\bin\wrapper.exe [511256 2014-08-07] (Tanuki Software, Ltd.)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [836504 2010-11-08] (Trend Micro Inc.)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [505216 2011-05-03] (SonicWALL Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-03-28] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [595960 2010-03-28] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-03-28] (Trend Micro Inc.)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-29] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [152344 2013-05-20] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-26] (SonicWALL Inc.)
R3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [179736 2013-05-08] (Magic Control Technology Corp.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2010-03-28] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-03-28] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2010-03-28] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 22:01 - 2014-08-24 22:07 - 00000000 ____D () C:\AdwCleaner
2014-08-24 21:50 - 2014-08-24 21:50 - 00003478 _____ () C:\Users\joeheff-\Desktop\JRT.txt
2014-08-24 21:39 - 2014-08-24 21:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 14:16 - 2014-08-24 22:19 - 00000000 ____D () C:\Users\joeheff-\Desktop\MalwareCleanup
2014-08-24 13:53 - 2014-08-24 22:20 - 00000000 ____D () C:\FRST
2014-08-24 13:35 - 2014-08-24 13:35 - 01034928 _____ (Microsoft Corporation) C:\Users\joeheff-\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-08-24 13:08 - 2014-08-24 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-24 13:05 - 2014-08-24 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-24 13:02 - 2014-08-24 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Windows\pss
2014-08-22 22:27 - 2014-08-24 13:40 - 00000133 _____ () C:\Windows\TMFilter.log
2014-08-21 22:37 - 2014-08-24 22:08 - 00084522 _____ () C:\Windows\PFRO.log
2014-08-21 22:37 - 2014-08-24 22:08 - 00000616 _____ () C:\Windows\setupact.log
2014-08-21 22:37 - 2014-08-21 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 20:50 - 2014-08-24 22:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 16:27 - 2014-08-21 16:27 - 00001617 _____ () C:\Users\joeheff-\Desktop\ManageEngine ServiceDesk.lnk
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ManageEngine
2014-08-21 16:13 - 2014-08-21 16:14 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
2014-08-21 15:40 - 2014-08-24 21:31 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-21 11:16 - 2014-08-21 11:16 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\ReceiverRadio
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-20 10:22 - 2014-08-21 11:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 11:35 - 2014-08-19 12:22 - 00000000 ____D () C:\Elkhorn Partners
2014-08-19 10:26 - 2014-08-19 10:26 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Adobe
2014-07-29 21:57 - 2014-07-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-29 21:57 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-29 21:57 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-29 21:57 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-29 21:57 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-29 21:32 - 2014-07-29 21:32 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 22:20 - 2014-08-24 13:53 - 00000000 ____D () C:\FRST
2014-08-24 22:19 - 2014-08-24 14:16 - 00000000 ____D () C:\Users\joeheff-\Desktop\MalwareCleanup
2014-08-24 22:19 - 2010-03-28 10:41 - 00000824 _____ () C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2014-08-24 22:19 - 2010-03-28 10:41 - 00000824 _____ () C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2014-08-24 22:17 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 22:17 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 22:14 - 2009-12-11 14:57 - 01691370 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 22:11 - 2014-08-21 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 22:08 - 2014-08-21 22:37 - 00084522 _____ () C:\Windows\PFRO.log
2014-08-24 22:08 - 2014-08-21 22:37 - 00000616 _____ () C:\Windows\setupact.log
2014-08-24 22:08 - 2013-10-21 21:18 - 00002804 _____ () C:\Windows\system32\GManager.ini
2014-08-24 22:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 22:07 - 2014-08-24 22:01 - 00000000 ____D () C:\AdwCleaner
2014-08-24 22:07 - 2010-01-19 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 21:55 - 2012-04-30 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 21:50 - 2014-08-24 21:50 - 00003478 _____ () C:\Users\joeheff-\Desktop\JRT.txt
2014-08-24 21:39 - 2014-08-24 21:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 21:31 - 2014-08-21 15:40 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-08-24 13:40 - 2014-08-22 22:27 - 00000133 _____ () C:\Windows\TMFilter.log
2014-08-24 13:40 - 2009-07-13 23:45 - 00466384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 13:35 - 2014-08-24 13:35 - 01034928 _____ (Microsoft Corporation) C:\Users\joeheff-\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-08-24 13:31 - 2010-01-19 13:36 - 00121088 _____ () C:\Users\joeheff-\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-24 13:11 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-24 13:08 - 2014-08-24 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-24 13:08 - 2009-09-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-24 13:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-24 13:02 - 2014-08-24 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Windows\pss
2014-08-24 12:23 - 2009-09-11 21:13 - 00000000 ____D () C:\ProgramData\Symantec
2014-08-22 09:04 - 2010-01-28 08:14 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Deployment
2014-08-21 22:57 - 2012-01-14 17:11 - 00002731 _____ () C:\Windows\wininit.ini
2014-08-21 22:49 - 2012-04-07 12:53 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Dropbox
2014-08-21 22:40 - 2012-04-07 13:01 - 00000000 ___RD () C:\Users\joeheff-\Dropbox
2014-08-21 22:37 - 2014-08-21 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 17:15 - 2009-09-11 21:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-21 17:05 - 2009-09-11 21:02 - 00000000 ____D () C:\Program Files\Google
2014-08-21 16:27 - 2014-08-21 16:27 - 00001617 _____ () C:\Users\joeheff-\Desktop\ManageEngine ServiceDesk.lnk
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ManageEngine
2014-08-21 16:27 - 2009-09-11 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 16:21 - 2010-01-19 13:38 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Google
2014-08-21 16:21 - 2009-09-11 21:02 - 00000000 ____D () C:\ProgramData\Google
2014-08-21 16:14 - 2014-08-21 16:13 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
2014-08-21 16:13 - 2010-01-19 13:36 - 00000000 ____D () C:\Users\joeheff-
2014-08-21 16:08 - 2014-08-21 15:40 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
2014-08-21 16:08 - 2014-08-21 15:40 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-08-21 16:08 - 2014-08-21 15:40 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-08-21 16:07 - 2009-12-11 15:29 - 00000000 ____D () C:\Users\Public\Documents\Screensaver
2014-08-21 16:07 - 2009-09-11 21:15 - 00000000 ___HD () C:\OEM
2014-08-21 16:07 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-08-21 16:07 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-08-21 16:05 - 2011-10-03 09:25 - 00000000 ____D () C:\temp
2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-21 11:18 - 2014-08-20 10:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-21 11:16 - 2014-08-21 11:16 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\ReceiverRadio
2014-08-21 10:36 - 2010-09-13 21:49 - 00000000 ____D () C:\Users\joeheff-\Documents\Kim
2014-08-19 12:22 - 2014-08-19 11:35 - 00000000 ____D () C:\Elkhorn Partners
2014-08-19 12:05 - 2009-07-14 00:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 10:26 - 2014-08-19 10:26 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Adobe
2014-08-18 10:21 - 2012-04-30 18:49 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 10:21 - 2012-04-30 18:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-18 10:21 - 2012-01-14 17:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 22:15 - 2010-01-19 20:08 - 00002090 ____H () C:\Users\joeheff-\Documents\Default.rdp
2014-07-29 21:58 - 2013-12-29 22:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-29 21:57 - 2014-07-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-29 21:57 - 2010-05-17 20:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 21:32 - 2014-07-29 21:32 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

Files to move or delete:
====================
C:\Users\joeheff-\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\joeheff-\AppData\Local\Temp\bpuninstall.exe
C:\Users\joeheff-\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmdjj5c.dll
C:\Users\joeheff-\AppData\Local\Temp\Quarantine.exe
C:\Users\joeheff-\AppData\Local\Temp\_is12A6.exe
C:\Users\joeheff-\AppData\Local\Temp\_isEF2F.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-06 20:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by joeheff- at 2014-08-24 22:20:55
Running from C:\Users\joeheff-\Desktop\MalwareCleanup
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security Pro (Enabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Internet Security Pro (Enabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3029 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3029 - CyberLink Corp.) Hidden
CyberLink PowerCinema (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 7.0.3306 - CyberLink Corp.)
CyberLink PowerCinema (x32 Version: 7.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2102 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2102 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0811 - Gateway Incorporated)
Gateway Touch Suite (HKLM-x32\...\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}) (Version: 1.00.3003 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Gateway Incorporated)
GoToAssist Express Customer 1.3.0.209 (HKLM-x32\...\GoToAssist Express Customer) (Version:  - )
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Nebraska 2011 (HKLM-x32\...\{F654CA77-407B-4BC6-8C30-25ACFA581AD0}) (Version: 1.11.3401 - HRB Technology, LLC.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ITECIR (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.31.3 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManageEngine ServiceDesk Plus (HKLM-x32\...\{8D48C529-714D-493D-8BD1-F79C415994A6}) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 Trial (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox (3.6.18) (HKLM-x32\...\Mozilla Firefox (3.6.18)) (Version: 3.6.18 (en-US) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{ab97169b-6cab-4d1a-8048-d65ef1d20f4d}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerCinema Movie (x32 Version: 9.0.5631 - CyberLink Corp.) Hidden
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5923 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SEE2 Xtreme UV150 / UV250 / UV350 13.10.0522.1177 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 13.10.0522.1177 - Eclipse)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 4.0.143 - SonicWALL, Inc.)
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.10.0 - SparkTrust) <==== ATTENTION
TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0002 - Acer Corp.)
Trend Micro Internet Security Pro (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security Pro (Version: 17.50 - Trend Micro Inc.) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wneiper (x32 Version: 010.000.1282 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wneiper (x32 Version: 012.000.1448 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wneiper (x32 Version: 013.000.1273 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Virtual Earth 3D (Beta) (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare iMate(Build 1.0.4.0) (HKLM-x32\...\Wondershare iMate_is1) (Version: 1.0.4.0 - WonderShare Software Co.,Ltd.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-438747998-725200510-3016165972-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\joeheff-\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

07-04-2014 02:37:07 Installed TurboTax 2013 wneiper
22-04-2014 02:12:27 Installed Java 7 Update 55
30-07-2014 02:55:53 Installed Java 7 Update 65
21-08-2014 21:03:24 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:03:26 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:32:12 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:47:15 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:59:45 SparkTrust PC Cleaner Plus Backup
22-08-2014 01:34:19 SparkTrust PC Cleaner Plus Backup
22-08-2014 03:35:57 SparkTrust PC Cleaner Plus Backup
24-08-2014 17:21:31 Removed Norton Online Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1158A5C2-BB8B-43DE-B21C-C2052ADBFAE3} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {19A34EF9-B027-401C-B6BA-E08C6E041945} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {3B6C40C2-3FE4-4760-86C5-E251FFE0C80A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns
Task: {3F106E5F-102E-483A-90AD-5D224FDBF0BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-24] (Microsoft Corporation)
Task: {7A26795E-5B59-4E94-BA5B-49CB05F9B639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7E1D956B-41DF-43BD-9DCD-EA738AE698CF} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {875A844D-8F97-496F-A264-DFB42CACEF99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-24] (Microsoft Corporation)
Task: {BD9EB752-B0CC-49BD-B777-14F17B149067} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {C14B8868-E360-4569-99BD-3EF633006CDB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {C710F3F8-776C-4C5B-A554-E77DF1066C65} - System32\Tasks\{091BD0B1-B027-4284-B7C0-A12947F03E0F} => C:\Windows\twain_32\escndv\escndv.exe [2008-11-30] (SEIKO EPSON CORP.)
Task: {E71851B8-44A4-41D2-89D1-922F76DF7DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)
Task: {F0B47D45-D96A-46E6-A4F0-B54D06C11F7B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-08-24 13:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-21 21:18 - 2012-08-28 14:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2013-10-21 21:18 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2009-12-11 15:26 - 2009-06-29 03:43 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-03-28 10:33 - 2010-03-28 10:33 - 00207656 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
2010-03-28 10:33 - 2010-03-28 10:33 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2010-03-28 10:39 - 2010-03-28 10:33 - 00172808 _____ () C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll
2014-08-24 13:10 - 2014-08-24 13:10 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-09-11 20:47 - 2009-08-24 21:08 - 00016384 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\MTGesture.dll
2009-09-11 20:47 - 2009-08-24 21:08 - 01049088 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\mediaPlayer.dll
2009-09-11 20:47 - 2009-08-24 21:08 - 00014336 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\MusicRemorting.dll
2009-09-11 20:47 - 2009-08-24 20:44 - 00015872 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\PhotoListViewControl.dll
2009-09-11 20:47 - 2009-08-17 03:06 - 00013824 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\XMLStorage.dll
2009-09-11 20:47 - 2009-08-24 20:59 - 00156672 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSGadget.dll
2009-09-11 20:47 - 2009-08-24 20:59 - 00017408 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSDraggableListView.dll
2009-09-11 20:47 - 2009-08-16 20:27 - 00013312 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\Remoting.dll
2009-09-11 20:47 - 2009-08-12 02:18 - 00036864 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSService.dll
2009-09-11 20:47 - 2009-08-16 20:27 - 00037888 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSAgent.exe
2009-09-11 20:47 - 2009-08-12 02:18 - 00076800 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSStack.dll
2009-09-11 20:47 - 2009-08-24 20:53 - 00141312 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\Facebook.dll
2009-09-11 20:47 - 2009-08-24 20:42 - 00087552 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SharingDevice.dll
2009-09-11 20:47 - 2009-08-12 02:18 - 00028672 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSFacebook.dll
2009-09-11 20:47 - 2009-08-12 02:18 - 00033280 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\SNSFlickr.dll
2009-09-11 20:47 - 2009-08-24 21:08 - 00439296 _____ () C:\Program Files (x86)\Gateway\Gateway Touch Suite\MusicAgent.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00051200 _____ () C:\ManageEngine\ServiceDesk\lib\TrayIcon12.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00045150 _____ () C:\ManageEngine\ServiceDesk\lib\native\AdventnetOper.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00311296 _____ () C:\ManageEngine\ServiceDesk\lib\SDeskWmi.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00077824 _____ () C:\ManageEngine\ServiceDesk\lib\MsiEditor.dll
2014-08-21 16:29 - 2013-04-01 23:34 - 01009664 _____ () C:\ManageEngine\ServiceDesk\pgsql\bin\libxml2.dll
2014-08-21 16:29 - 2013-04-01 23:34 - 00009216 _____ () C:\ManageEngine\ServiceDesk\pgsql\lib\citext.dll
2014-08-24 13:04 - 2014-08-24 13:10 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2011-02-20 18:22 - 2011-02-20 18:22 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-02-20 18:22 - 2011-02-20 18:22 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-05-24 15:43 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-05-24 15:43 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 00718152 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\libglesv2.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 00126280 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\libegl.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 08537928 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\pdf.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 00353096 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 01732936 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAFVNNS905858049177951 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Express Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAFVNNS905858049177951 => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 10:10:01 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (08/24/2014 09:54:58 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: pg_ctl: another server might be running; trying to start server anyway

System errors:
=============
Error: (08/24/2014 10:12:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-02-26 21:05:18.194
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 21:05:17.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 21:05:12.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 21:05:11.833
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 64%
Total physical RAM: 4060.1 MB
Available physical RAM: 1455.54 MB
Total Pagefile: 8118.39 MB
Available Pagefile: 4451.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:684.54 GB) (Free:582.85 GB) NTFS
Drive d: (TurboTax 2013) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 8BF5315B)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

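Added example, not part of the original posts: the Loaded Modules section above ends with five Chromium runtime DLLs loaded from AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143, on a machine whose owner says Chrome is not installed. The Python sketch below parses FRST file-listing lines and reports that pattern. The EXPECTED_PARENTS allowlist and the two sample lines marked as constructed are assumptions; the other sample lines are copied from the log.

```python
import ntpath
import re
from collections import defaultdict

# FRST file-listing line: "created - modified - size attrs (company) path"
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$"
)
# Per-user profile locations that a standard user can write to.
PROFILE_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\", re.I
)
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")
# Chromium runtime file names, taken from the log on this page.
CHROMIUM_RUNTIME = {
    "libglesv2.dll", "libegl.dll", "pdf.dll",
    "ffmpegsumo.dll", "ppgooglenaclpluginchrome.dll",
}
# Assumption: a per-user Google Chrome install keeps the same runtime here,
# so that location is expected and must not be reported.
EXPECTED_PARENTS = ("\\appdata\\local\\google\\chrome\\application\\",)

# Copied from the Loaded Modules section of the log above.
PAGE_LINES = r"""
==================== Loaded Modules (whitelisted) =============
2014-08-24 13:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-03-28 10:33 - 2010-03-28 10:33 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-21 16:29 - 2013-04-01 23:34 - 01009664 _____ () C:\ManageEngine\ServiceDesk\pgsql\bin\libxml2.dll
2012-05-24 15:43 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 00718152 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\libglesv2.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 00126280 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\libegl.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 08537928 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\pdf.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 00353096 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-21 11:13 - 2014-08-21 11:13 - 01732936 _____ () C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\36.0.1985.143\ffmpegsumo.dll
"""
# Constructed lines (not from the log): a genuine per-user Chrome install.
CONSTRUCTED_LINES = r"""
2014-08-12 09:00 - 2014-08-12 09:00 - 00126280 _____ () C:\Users\example\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-12 09:00 - 2014-08-12 09:00 - 00718152 _____ () C:\Users\example\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
"""
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES


def parse_modules(text):
    """Yield one dict per file-listing line; headers and blanks are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield {
                "size": int(m["size"]),
                "company": m["company"].strip(),
                "path": m["path"].strip(),
            }


def find_profile_chromium(text, min_hits=2):
    """Report profile directories holding a Chromium runtime with no vendor name."""
    by_dir = defaultdict(list)
    for mod in parse_modules(text):
        if mod["company"] or not PROFILE_RE.match(mod["path"]):
            continue
        directory, name = ntpath.split(mod["path"])
        by_dir[directory].append(name)

    findings = []
    for directory, names in by_dir.items():
        if any(p in (directory + "\\").lower() for p in EXPECTED_PARENTS):
            continue
        hits = sorted(n for n in names if n.lower() in CHROMIUM_RUNTIME)
        if len(hits) < min_hits:
            continue
        leaf = ntpath.basename(directory)
        findings.append({
            "directory": directory,
            "version": leaf if VERSION_RE.match(leaf) else None,
            "runtime_dlls": hits,
        })
    return findings


if __name__ == "__main__":
    for f in find_profile_chromium(SAMPLE_LOG):
        print(f["directory"], f["version"], ", ".join(f["runtime_dlls"]))
```

A hit is a lead for review rather than a verdict: other applications also ship an embedded Chromium runtime in the user profile, so the directory name and publisher still have to be checked.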

Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • SparkTrust PC Cleaner Plus

After completing uninstalls, please manually reboot your machine!



Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. 


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    (Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
    (Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
    (Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [MusicGadget] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [TouchMemo] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadget] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [ReceiverRadio] => C:\Windows\system32\rundll32.exe "C:\Users\joeheff-\AppData\Local\ReceiverRadio\ReceiverRadio.dll",DllRegisterServer <===== ATTENTION
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\MountPoints2: {f9991fca-e68e-11de-88b6-806e6f6e6963} - D:\setup.exe
    C:\Users\joeheff-\AppData\Local\ReceiverRadio
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
    S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
    C:\Users\joeheff-\AppData\LocalLow\ModulatorModel
    C:\Users\joeheff-\g2ax_customer_downloadhelper_win32_x86.exe
    Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    c:\program files (x86)\common files\sparktrust
    C:\Program Files (x86)\SparkTrust
    2014-08-21 15:40 - 2014-08-24 21:31 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
    2014-08-21 15:40 - 2014-08-21 16:08 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
    2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
    2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
    2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
    2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
    2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
    2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
    2014-08-21 16:13 - 2014-08-21 16:14 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
    EmptyTemp:
    Task: {3B6C40C2-3FE4-4760-86C5-E251FFE0C80A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns
    Task: {19A34EF9-B027-401C-B6BA-E08C6E041945} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
    Task: {7E1D956B-41DF-43BD-9DCD-EA738AE698CF} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
    Task: {F0B47D45-D96A-46E6-A4F0-B54D06C11F7B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Let's amend script a little.


Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. 


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    (Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
    (Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
    (Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [MusicGadget] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [TouchMemo] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadget] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [ReceiverRadio] => C:\Windows\system32\rundll32.exe "C:\Users\joeheff-\AppData\Local\ReceiverRadio\ReceiverRadio.dll",DllRegisterServer <===== ATTENTION
    HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\MountPoints2: {f9991fca-e68e-11de-88b6-806e6f6e6963} - D:\setup.exe
    C:\Users\joeheff-\AppData\Local\ReceiverRadio
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
    S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
    C:\Users\joeheff-\AppData\LocalLow\ModulatorModel
    C:\Users\joeheff-\g2ax_customer_downloadhelper_win32_x86.exe
    Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    c:\program files (x86)\common files\sparktrust
    C:\Program Files (x86)\SparkTrust
    2014-08-21 15:40 - 2014-08-24 21:31 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
    2014-08-21 15:40 - 2014-08-21 16:08 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
    2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
    2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
    2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
    2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
    2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
    2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
    2014-08-21 16:13 - 2014-08-21 16:14 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
    Task: {3B6C40C2-3FE4-4760-86C5-E251FFE0C80A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns
    Task: {19A34EF9-B027-401C-B6BA-E08C6E041945} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
    Task: {7E1D956B-41DF-43BD-9DCD-EA738AE698CF} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
    Task: {F0B47D45-D96A-46E6-A4F0-B54D06C11F7B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

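Added example, not part of the original posts: the fix step above ends with a Fixlog.txt to post back, and reading it means separating entries the fix actually changed from entries that were already gone. The Python sketch below does that triage; its sample is abridged from the Fixlog posted in this thread, and the three outcome labels (changed, absent, review) are this example's own naming, not FRST's.

```python
import re

MARKER = "*****************"   # frames the fixlist that FRST echoes back
END = "==== End of Fixlog"
CHANGED = ("closed successfully", "deleted successfully", "moved successfully")
ABSENT = ("not found", "no running process found")

# Abridged from the Fixlog.txt posted in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by joeheff- at 2014-08-25 17:09:32 Run:5
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
C:\Users\joeheff-\AppData\LocalLow\ModulatorModel
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
end
*****************

[4492] C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe => Process closed successfully.
C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe => No running process found
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ReceiverRadio => Value not found.
"HKU\S-1-5-21-438747998-725200510-3016165972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9991fca-e68e-11de-88b6-806e6f6e6963}" => Key deleted successfully.
KAPFA => Service not found.
C:\Users\joeheff-\AppData\LocalLow\ModulatorModel => Moved successfully.
C:\Windows\Tasks\SparkTrust Registration3.job not found.
"C:\Program Files (x86)\SparkTrust" => File/Directory not found.

==== End of Fixlog ====
"""


def classify_status(status):
    """Map a result message to changed / absent / review (needs a human look)."""
    s = status.strip().rstrip(".").lower()
    if s.endswith(CHANGED):
        return "changed"
    if s.endswith(ABSENT):
        return "absent"
    return "review"


def target_kind(target, status):
    """Rough object type, from the status wording and the shape of the target."""
    if "process" in status.lower():
        return "process"
    if target.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    return "service" if "service" in status.lower() else "other"


def parse_fixlog(text):
    """Return one result dict per line that follows the echoed fixlist."""
    lines = [line.strip() for line in text.splitlines()]
    marks = [i for i, line in enumerate(lines) if line == MARKER]
    if len(marks) < 2:
        raise ValueError("fixlist echo is not closed; the log looks truncated")
    results = []
    # Start after the second marker: the echoed fixlist also contains "=>".
    for line in lines[marks[1] + 1:]:
        if line.startswith(END):
            break
        if not line:
            continue
        if " => " in line:
            target, status = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):
            target, status = line[:-len(" not found.")], "not found."
        else:
            target, status = line, ""
        target = re.sub(r"^\[\d+\] ", "", target).strip('"')  # drop "[pid] "
        results.append({
            "target": target,
            "kind": target_kind(target, status),
            "outcome": classify_status(status),
        })
    return results


def summarize(results):
    """Group targets by outcome so the changed and review items stand out."""
    summary = {"changed": [], "absent": [], "review": []}
    for r in results:
        summary[r["outcome"]].append(r["target"])
    return summary


if __name__ == "__main__":
    for outcome, targets in summarize(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(outcome, len(targets))
```

Anything that lands in review (a message that is neither a success nor a "not found") is what to raise with the helper before running the fix again.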

Naat,
Below are the log files.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by joeheff- at 2014-08-25 17:09:32 Run:5
Running from C:\Users\joeheff-\Desktop\MalwareCleanup
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
(Google Inc.) C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [MusicGadget] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [TouchMemo] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadget] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [ReceiverRadio] => C:\Windows\system32\rundll32.exe "C:\Users\joeheff-\AppData\Local\ReceiverRadio\ReceiverRadio.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\MountPoints2: {f9991fca-e68e-11de-88b6-806e6f6e6963} - D:\setup.exe
C:\Users\joeheff-\AppData\Local\ReceiverRadio
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
C:\Users\joeheff-\AppData\LocalLow\ModulatorModel
C:\Users\joeheff-\g2ax_customer_downloadhelper_win32_x86.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
c:\program files (x86)\common files\sparktrust
C:\Program Files (x86)\SparkTrust
2014-08-21 15:40 - 2014-08-24 21:31 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-08-21 15:40 - 2014-08-21 16:08 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-08-21 15:40 - 2014-08-21 15:40 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000
2014-08-21 15:40 - 2014-08-21 15:40 - 00003250 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-08-21 15:40 - 2014-08-21 15:40 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-08-21 15:40 - 2014-08-21 15:40 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-08-21 16:13 - 2014-08-21 16:14 - 00000000 ___RD () C:\Users\joeheff-\My SpeedyBackup SyncFolder
Task: {3B6C40C2-3FE4-4760-86C5-E251FFE0C80A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns
Task: {19A34EF9-B027-401C-B6BA-E08C6E041945} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {7E1D956B-41DF-43BD-9DCD-EA738AE698CF} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {F0B47D45-D96A-46E6-A4F0-B54D06C11F7B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
end
*****************

[4492] C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe => Process closed successfully.
C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe => No running process found
[8184] C:\Users\joeheff-\AppData\LocalLow\ModulatorModel\SysutilSync\browser.exe => Process closed successfully.
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadgetFirstRun => Value not found.
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MusicGadget => Value not found.
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TouchMemo => Value not found.
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadget => Value not found.
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadgetFirstRun_Portal => Value not found.
HKU\S-1-5-21-438747998-725200510-3016165972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ReceiverRadio => Value not found.
"HKU\S-1-5-21-438747998-725200510-3016165972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9991fca-e68e-11de-88b6-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{f9991fca-e68e-11de-88b6-806e6f6e6963}" => Key not found.
"C:\Users\joeheff-\AppData\Local\ReceiverRadio" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key not found.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKCR\PROTOCOLS\Handler\tmtb" => Key not found.
"HKCR\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}" => Key not found.
KAPFA => Service not found.
C:\Users\joeheff-\AppData\LocalLow\ModulatorModel => Moved successfully.
"C:\Users\joeheff-\g2ax_customer_downloadhelper_win32_x86.exe" => File/Directory not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job not found.
C:\Windows\Tasks\SparkTrust Registration3.job not found.
C:\Windows\Tasks\SparkTrust Update Version3.job not found.
C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job not found.
"c:\program files (x86)\common files\sparktrust" => File/Directory not found.
"C:\Program Files (x86)\SparkTrust" => File/Directory not found.
"C:\Windows\Tasks\SparkTrust Registration3.job" => File/Directory not found.
"C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000.job" => File/Directory not found.
"C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job" => File/Directory not found.
"C:\Windows\Tasks\SparkTrust Update Version3.job" => File/Directory not found.
"C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000" => File/Directory not found.
"C:\Windows\System32\Tasks\SparkTrust Update Version3" => File/Directory not found.
"C:\Windows\System32\Tasks\SparkTrust Registration3" => File/Directory not found.
"C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce" => File/Directory not found.
"C:\Users\joeheff-\My SpeedyBackup SyncFolder" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B6C40C2-3FE4-4760-86C5-E251FFE0C80A}" => Key not found.
C:\Windows\System32\Tasks\SparkTrust Registration3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Registration3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19A34EF9-B027-401C-B6BA-E08C6E041945}" => Key not found.
C:\Windows\System32\Tasks\SparkTrust Update Version3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E1D956B-41DF-43BD-9DCD-EA738AE698CF}" => Key not found.
C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3_triggeronce" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0B47D45-D96A-46E6-A4F0-B54D06C11F7B}" => Key not found.
C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust PC Cleaner Plus_sch_56039E4A-2973-11E4-90EF-534E57000000" => Key not found.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by joeheff- (administrator) on JOEHEFF--PC on 25-08-2014 17:10:56
Running from C:\Users\joeheff-\Desktop\MalwareCleanup
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dlcccoms.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Tanuki Software, Ltd.) C:\ManageEngine\ServiceDesk\bin\wrapper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Sun Microsystems, Inc.) C:\ManageEngine\ServiceDesk\jre\bin\java.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\ManageEngine\ServiceDesk\pgsql\bin\postgres.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TouchPortal] => C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [4936192 2009-08-24] (Acer Corp.)
HKLM\...\Run: [TouchORB] => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [151368 2009-08-10] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8081952 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [ufSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1023416 2010-01-26] (Trend Micro Inc.)
HKLM\...\Run: [sonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1099648 2011-05-03] (SonicWALL Inc.)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [842504 2010-03-28] (Trend Micro Inc.)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [EPSON WorkForce 610 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-438747998-725200510-3016165972-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1j5k4921522q
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS363US363
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS363US363
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {1FA44E01-A60B-4449-BF97-66CDAA200433} https://clientconnect.securianadvisor.com/java/downloads/SOConfig6.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.ssgi.com/NELX.cab
DPF: HKLM-x32 {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} https://clientconnect.securianadvisor.com/java/downloads/SmartOfficeLink6.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\Extensions\staged-xpis [2010-03-21]
FF Extension: No Name - C:\Users\joeheff-\AppData\Roaming\Mozilla\Firefox\Profiles\vlybr8z7.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-03-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010-03-28]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
S3 GoToAssist Express Customer; C:\Program Files (x86)\Citrix\GoToAssist Express Customer\209\g2ax_service.exe [161144 2010-01-28] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-06-29] () [File not signed]
R2 servicedesk; C:\ManageEngine\ServiceDesk\bin\wrapper.exe [511256 2014-08-07] (Tanuki Software, Ltd.)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [836504 2010-11-08] (Trend Micro Inc.)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [505216 2011-05-03] (SonicWALL Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-03-28] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [595960 2010-03-28] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-03-28] (Trend Micro Inc.)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-29] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [152344 2013-05-20] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-26] (SonicWALL Inc.)
R3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [179736 2013-05-08] (Magic Control Technology Corp.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2010-03-28] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-03-28] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2010-03-28] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 22:36 - 2014-08-24 22:36 - 00000000 _____ () C:\Users\joeheff-\Sti_Trace.log
2014-08-24 22:01 - 2014-08-24 22:07 - 00000000 ____D () C:\AdwCleaner
2014-08-24 21:39 - 2014-08-24 21:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 14:16 - 2014-08-25 17:10 - 00000000 ____D () C:\Users\joeheff-\Desktop\MalwareCleanup
2014-08-24 13:53 - 2014-08-25 17:11 - 00000000 ____D () C:\FRST
2014-08-24 13:35 - 2014-08-24 13:35 - 01034928 _____ (Microsoft Corporation) C:\Users\joeheff-\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-08-24 13:08 - 2014-08-24 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-24 13:05 - 2014-08-24 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-24 13:02 - 2014-08-24 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Windows\pss
2014-08-22 22:27 - 2014-08-24 13:40 - 00000133 _____ () C:\Windows\TMFilter.log
2014-08-21 22:37 - 2014-08-25 08:14 - 00000672 _____ () C:\Windows\setupact.log
2014-08-21 22:37 - 2014-08-24 22:08 - 00084522 _____ () C:\Windows\PFRO.log
2014-08-21 22:37 - 2014-08-21 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 20:50 - 2014-08-25 17:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ManageEngine
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 10:22 - 2014-08-21 11:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-20 10:22 - 2014-08-21 11:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 11:35 - 2014-08-24 23:00 - 00000000 ____D () C:\Elkhorn Partners
2014-08-19 10:26 - 2014-08-19 10:26 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Adobe
2014-07-29 21:57 - 2014-07-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-29 21:57 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-29 21:57 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-29 21:57 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-29 21:57 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-29 21:32 - 2014-07-29 21:32 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 17:12 - 2010-03-28 10:41 - 00000824 _____ () C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2014-08-25 17:12 - 2010-03-28 10:41 - 00000824 _____ () C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2014-08-25 17:11 - 2014-08-24 13:53 - 00000000 ____D () C:\FRST
2014-08-25 17:10 - 2014-08-24 14:16 - 00000000 ____D () C:\Users\joeheff-\Desktop\MalwareCleanup
2014-08-25 17:07 - 2014-08-21 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 17:07 - 2012-04-30 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 17:07 - 2009-12-11 14:57 - 01696168 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 12:47 - 2010-01-19 13:38 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Google
2014-08-25 12:40 - 2010-01-19 13:36 - 00000000 ____D () C:\Users\joeheff-
2014-08-25 08:25 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 08:25 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 08:14 - 2014-08-21 22:37 - 00000672 _____ () C:\Windows\setupact.log
2014-08-25 08:14 - 2013-10-21 21:18 - 00002804 _____ () C:\Windows\system32\GManager.ini
2014-08-25 08:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 23:00 - 2014-08-19 11:35 - 00000000 ____D () C:\Elkhorn Partners
2014-08-24 22:36 - 2014-08-24 22:36 - 00000000 _____ () C:\Users\joeheff-\Sti_Trace.log
2014-08-24 22:08 - 2014-08-21 22:37 - 00084522 _____ () C:\Windows\PFRO.log
2014-08-24 22:07 - 2014-08-24 22:01 - 00000000 ____D () C:\AdwCleaner
2014-08-24 22:07 - 2010-01-19 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 21:39 - 2014-08-24 21:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:40 - 2014-08-22 22:27 - 00000133 _____ () C:\Windows\TMFilter.log
2014-08-24 13:40 - 2009-07-13 23:45 - 00466384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 13:35 - 2014-08-24 13:35 - 01034928 _____ (Microsoft Corporation) C:\Users\joeheff-\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-08-24 13:31 - 2010-01-19 13:36 - 00121088 _____ () C:\Users\joeheff-\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-24 13:11 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-24 13:08 - 2014-08-24 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-24 13:08 - 2009-09-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-24 13:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-24 13:02 - 2014-08-24 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Windows\pss
2014-08-24 12:23 - 2009-09-11 21:13 - 00000000 ____D () C:\ProgramData\Symantec
2014-08-22 09:04 - 2010-01-28 08:14 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Deployment
2014-08-21 22:57 - 2012-01-14 17:11 - 00002731 _____ () C:\Windows\wininit.ini
2014-08-21 22:49 - 2012-04-07 12:53 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Dropbox
2014-08-21 22:40 - 2012-04-07 13:01 - 00000000 ___RD () C:\Users\joeheff-\Dropbox
2014-08-21 22:37 - 2014-08-21 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 20:50 - 2014-08-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 17:15 - 2009-09-11 21:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-21 17:05 - 2009-09-11 21:02 - 00000000 ____D () C:\Program Files\Google
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Users\joeheff-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine ServiceDesk Plus
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\ManageEngine
2014-08-21 16:27 - 2009-09-11 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 16:21 - 2009-09-11 21:02 - 00000000 ____D () C:\ProgramData\Google
2014-08-21 16:07 - 2009-12-11 15:29 - 00000000 ____D () C:\Users\Public\Documents\Screensaver
2014-08-21 16:07 - 2009-09-11 21:15 - 00000000 ___HD () C:\OEM
2014-08-21 16:07 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-08-21 16:07 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-08-21 16:05 - 2011-10-03 09:25 - 00000000 ____D () C:\temp
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-21 11:21 - 2014-08-20 10:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-21 11:18 - 2014-08-20 10:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-21 10:36 - 2010-09-13 21:49 - 00000000 ____D () C:\Users\joeheff-\Documents\Kim
2014-08-19 12:05 - 2009-07-14 00:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 10:26 - 2014-08-19 10:26 - 00000000 ____D () C:\Users\joeheff-\AppData\Local\Adobe
2014-08-18 10:21 - 2012-04-30 18:49 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 10:21 - 2012-04-30 18:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-18 10:21 - 2012-01-14 17:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 22:15 - 2010-01-19 20:08 - 00002090 ____H () C:\Users\joeheff-\Documents\Default.rdp
2014-07-29 21:58 - 2013-12-29 22:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-29 21:57 - 2014-07-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-29 21:57 - 2010-05-17 20:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 21:32 - 2014-07-29 21:32 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-06 20:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by joeheff- at 2014-08-25 17:12:37
Running from C:\Users\joeheff-\Desktop\MalwareCleanup
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security Pro (Enabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Internet Security Pro (Enabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3029 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3029 - CyberLink Corp.) Hidden
CyberLink PowerCinema (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 7.0.3306 - CyberLink Corp.)
CyberLink PowerCinema (x32 Version: 7.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2102 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2102 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0811 - Gateway Incorporated)
Gateway Touch Suite (HKLM-x32\...\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}) (Version: 1.00.3003 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Gateway Incorporated)
GoToAssist Express Customer 1.3.0.209 (HKLM-x32\...\GoToAssist Express Customer) (Version:  - )
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Nebraska 2011 (HKLM-x32\...\{F654CA77-407B-4BC6-8C30-25ACFA581AD0}) (Version: 1.11.3401 - HRB Technology, LLC.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ITECIR (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.31.3 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManageEngine ServiceDesk Plus (HKLM-x32\...\{8D48C529-714D-493D-8BD1-F79C415994A6}) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 Trial (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox (3.6.18) (HKLM-x32\...\Mozilla Firefox (3.6.18)) (Version: 3.6.18 (en-US) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{ab97169b-6cab-4d1a-8048-d65ef1d20f4d}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerCinema Movie (x32 Version: 9.0.5631 - CyberLink Corp.) Hidden
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5923 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SEE2 Xtreme UV150 / UV250 / UV350 13.10.0522.1177 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 13.10.0522.1177 - Eclipse)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 4.0.143 - SonicWALL, Inc.)
TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0002 - Acer Corp.)
Trend Micro Internet Security Pro (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security Pro (Version: 17.50 - Trend Micro Inc.) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wneiper (x32 Version: 010.000.1282 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wneiper (x32 Version: 012.000.1448 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wneiper (x32 Version: 013.000.1273 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Virtual Earth 3D (Beta) (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare iMate(Build 1.0.4.0) (HKLM-x32\...\Wondershare iMate_is1) (Version: 1.0.4.0 - WonderShare Software Co.,Ltd.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-438747998-725200510-3016165972-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\joeheff-\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

07-04-2014 02:37:07 Installed TurboTax 2013 wneiper
22-04-2014 02:12:27 Installed Java 7 Update 55
30-07-2014 02:55:53 Installed Java 7 Update 65
21-08-2014 21:03:24 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:03:26 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:32:12 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:47:15 SparkTrust PC Cleaner Plus Backup
21-08-2014 22:59:45 SparkTrust PC Cleaner Plus Backup
22-08-2014 01:34:19 SparkTrust PC Cleaner Plus Backup
22-08-2014 03:35:57 SparkTrust PC Cleaner Plus Backup
24-08-2014 17:21:31 Removed Norton Online Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1158A5C2-BB8B-43DE-B21C-C2052ADBFAE3} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {3F106E5F-102E-483A-90AD-5D224FDBF0BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-24] (Microsoft Corporation)
Task: {7A26795E-5B59-4E94-BA5B-49CB05F9B639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {875A844D-8F97-496F-A264-DFB42CACEF99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-24] (Microsoft Corporation)
Task: {BD9EB752-B0CC-49BD-B777-14F17B149067} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {C14B8868-E360-4569-99BD-3EF633006CDB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {C710F3F8-776C-4C5B-A554-E77DF1066C65} - System32\Tasks\{091BD0B1-B027-4284-B7C0-A12947F03E0F} => C:\Windows\twain_32\escndv\escndv.exe [2008-11-30] (SEIKO EPSON CORP.)
Task: {E71851B8-44A4-41D2-89D1-922F76DF7DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-08-24 13:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-21 21:18 - 2012-08-28 14:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2010-03-28 10:39 - 2010-03-28 10:33 - 00172808 _____ () C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll
2013-10-21 21:18 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2009-12-11 15:26 - 2009-06-29 03:43 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-03-28 10:33 - 2010-03-28 10:33 - 00207656 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
2010-03-28 10:33 - 2010-03-28 10:33 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2014-08-24 13:10 - 2014-08-24 13:10 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-08-24 13:04 - 2014-08-24 13:10 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-05-24 15:43 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-05-24 15:43 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00051200 _____ () C:\ManageEngine\ServiceDesk\lib\TrayIcon12.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00045150 _____ () C:\ManageEngine\ServiceDesk\lib\native\AdventnetOper.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00311296 _____ () C:\ManageEngine\ServiceDesk\lib\SDeskWmi.dll
2014-08-21 16:29 - 2014-08-07 05:20 - 00077824 _____ () C:\ManageEngine\ServiceDesk\lib\MsiEditor.dll
2014-08-21 16:29 - 2013-04-01 23:34 - 01009664 _____ () C:\ManageEngine\ServiceDesk\pgsql\bin\libxml2.dll
2011-02-20 18:22 - 2011-02-20 18:22 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-02-20 18:22 - 2011-02-20 18:22 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-08-21 16:29 - 2013-04-01 23:34 - 00009216 _____ () C:\ManageEngine\ServiceDesk\pgsql\lib\citext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAFVNNS905858049177951 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Express Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAFVNNS905858049177951 => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 00:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 24.8.2014.3, time stamp: 0x53fa06d9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000053483
Faulting process id: 0x1880
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (08/25/2014 00:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 24.8.2014.3, time stamp: 0x53fa06d9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000054f4a
Faulting process id: 0x2144
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (08/25/2014 00:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 24.8.2014.3, time stamp: 0x53fa06d9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000056314
Faulting process id: 0x2054
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (08/25/2014 00:41:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 24.8.2014.3, time stamp: 0x53fa06d9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000054f36
Faulting process id: 0xe64
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (08/25/2014 00:35:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2014 00:35:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2014 00:16:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d8c

Start Time: 01cfc088147b2efe

Termination Time: 80

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (08/25/2014 09:47:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5569

Error: (08/25/2014 09:47:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5569

Error: (08/25/2014 09:47:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (08/25/2014 08:19:00 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (08/25/2014 08:18:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (08/24/2014 10:51:27 PM) (Source: DCOM) (EventID: 10016) (User: joeheff--PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}joeheff--PCjoeheff-S-1-5-21-438747998-725200510-3016165972-1001LocalHost (Using LRPC)

Error: (08/24/2014 10:51:26 PM) (Source: DCOM) (EventID: 10016) (User: joeheff--PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}joeheff--PCjoeheff-S-1-5-21-438747998-725200510-3016165972-1001LocalHost (Using LRPC)

Error: (08/24/2014 10:12:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-02-26 21:05:18.194
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 21:05:17.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 21:05:12.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 21:05:11.833
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 65%
Total physical RAM: 4060.1 MB
Available physical RAM: 1417.32 MB
Total Pagefile: 8118.39 MB
Available Pagefile: 4694.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:684.54 GB) (Free:582.06 GB) NTFS
Drive d: (TurboTax 2013) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 8BF5315B)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Please update me about any other issues you may be facing :)



Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
Click Run ESET Online Scanner there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Naat,

Here is the log file for malware, but I couldn't get to the log for the ESET scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 9:05:32 AM
Logfile: Malwarebytes Scan log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.26.02
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: joeheff-

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320719
Time Elapsed: 19 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


OK, let's try another scanner.

Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking its icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see the detections window. Enter one of them and click View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.

Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.


Here is the log file for the Panda Cloud Cleaner:

 

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\LOCAL\TEMP\COOKIES\ZDPHPXG4.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GEH9OU7Z.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DKQ24I5E.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KBMVD6MW.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\4Y99K9ZA.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\R9JPIEBX.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\8ZJIQRX9.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Y7TAWIKU.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CDDC400S.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CAH4VDYL.TXT to be deleted.

Malware. FILE: C:\USERS\JOEHEFF-\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HUD6BK8W.TXT to be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.


I don't think that there is Tracur here, because I don't see any signs of it in your logs.
 
Please tell me what other issues persist.



Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow the onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Trend Micro Internet Security Pro  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Java version out of Date!
 Adobe Flash Player 14.0.0.145 
 Adobe Reader 10.1.11 Adobe Reader out of Date! 
 Mozilla Firefox (3.6.18) Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 joeheff- Desktop MalwareCleanup SecurityCheck.exe
 Trend Micro TrendSecure TISProToolbar ProToolbarUpdate.exe
 Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
 Trend Micro Internet Security SfCtlCom.exe 
 Trend Micro Internet Security UfSeAgnt.exe 
 Trend Micro Internet Security TmPfw.exe 
 Trend Micro Internet Security TmProxy.exe 
 Trend Micro BM TMBMSRV.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
