
searchnet.blinkxcore.com malware blocking help needed please


updatehelp

I keep getting the notification that Malwarebytes blocks an outgoing process to this site. It happens in Chrome as well as my other browsers. Basically, when I go to any site that has some particular kind of ads, this pops up.

I have Malwarebytes Premium and I attached the protection log as well as FRST.txt and Addition from running Farbar.

Any help appreciated. Thx

 

malwarebytes log 9-24.txt

FRST.txt

Addition.txt


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Actually I reran GMER as I wasn't sure if I ran it correctly the first time. This time the log was much smaller. Here it is:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-25 23:57:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF4O 698.64GB
Running: cz4v388t.exe; Driver: C:\Users\d\AppData\Local\Temp\pxldapoc.sys
 
---- Processes - GMER 2.1 ----
 
Library  C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1028] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2014-01-26 15:09:52)  0000000073de0000
Library  C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1028] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-01-26 15:09:52)    00000000722b0000
Library  C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2344] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2014-01-26 15:09:52)      0000000073de0000
Library  C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2344] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-01-26 15:09:52)        00000000722b0000
Library  C:\Users\dl\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4852](2014-09-13 00:20:58)                                                                                         00000000041d0000
Library  c:\users\dl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc50wkh.dll (*** suspicious ***) @ C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4852](2014-09-26 00:35:55)                                           0000000003f10000
Library  C:\Users\dl\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4852](2013-08-23 19:01:44)                                                                                               00000000515e0000
Library  C:\Users\dl\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4852] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                                                                 0000000077670000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372] (Python Core/Python Software Foundation)(2014-09-26 00:34:15)                                                000000001e000000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:13)                                                                                         000000001e8c0000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:14)                                                                                     000000001e7a0000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:13)                                                                                      0000000000270000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:13)                                                                                          00000000003b0000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:14)                                                                                             0000000010000000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:13)                                                                             000000001e800000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:14)                                                                                         00000000029e0000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372](2014-09-26 00:34:13)                                                                                        0000000003280000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372] (wxWidgets for MSW/wxWidgets development team)(2014-09-26 00:34:15)                                   00000000033b0000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372] (wxWidgets for MSW/wxWidgets development team)(2014-09-26 00:34:17)                               00000000003d0000
Library  C:\Users\dl\AppData\Local\Temp\_MEI5962\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5372] (wxWidgets for MSW/wxWidgets development team)(2014-09-26 00:34:15)                               00000000035a0000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bfde99f                                                                                                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bfde99f (not active ControlSet)                                                                                                                                                         
 
---- EOF - GMER 2.1 ----
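
An added example, not part of the original posts: GMER marks every listed module as "suspicious", and the caution earlier in the thread notes that such flags are often false positives. The Python below parses Library rows in the format of the log above, groups them by the process that loaded them and records where each module sits relative to that process, which gives a reviewer context rather than a verdict. The sample rows, their paths and the location labels are constructed for illustration.

```python
import ntpath
import re
from collections import Counter, defaultdict

# One GMER "Library" row: module path, flag, host image, PID,
# optional (description/vendor), load timestamp, base address.
ROW = re.compile(
    r"^Library\s+(?P<module>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+"
    r"(?P<host>.+?)\s+\[(?P<pid>\d+)\]"
    r"(?:\s+\((?P<meta>.*?)\))?"
    r"\((?P<loaded>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)\s+"
    r"(?P<base>[0-9a-fA-F]{16})\s*$"
)

# Constructed sample in the layout of a GMER 2.1 text log (not real data).
SAMPLE = r"""---- Processes - GMER 2.1 ----

Library  C:\Users\user\AppData\Local\Temp\_MEI0001\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\ExampleSync\sync.exe [5372] (Python Core/Python Software Foundation)(2014-09-26 00:34:15)   000000001e000000
Library  C:\Users\user\AppData\Local\Temp\_MEI0001\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\ExampleSync\sync.exe [5372](2014-09-26 00:34:14)   0000000010000000
Library  C:\Users\user\AppData\Roaming\ExampleBox\bin\libcef.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\ExampleBox\bin\ExampleBox.exe [4852](2013-08-23 19:01:44)   00000000515e0000
Library  C:\ProgramData\ExampleAV\store\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\ExampleAV\bin\svc.exe [1028] (Microsoft C Runtime Library/Microsoft Corporation)(2014-01-26 15:09:52)   00000000722b0000
Library  truncated row without the expected fields

---- EOF - GMER 2.1 ----
"""


def locate(module, host):
    """Label where a module lives relative to the process that loaded it.

    The labels are review context only; none of them means clean or infected.
    """
    m, h = ntpath.normcase(module), ntpath.normcase(host)
    if ntpath.dirname(m) == ntpath.dirname(h):
        return "host_dir"
    if "\\appdata\\local\\temp\\" in m:
        return "user_temp"
    if m.startswith("c:\\users\\"):
        return "user_profile"
    return "elsewhere"


def parse(log_text):
    """Return (rows, unparsed) so malformed Library rows are never dropped silently."""
    rows, unparsed = [], []
    for line in log_text.splitlines():
        if not line.startswith("Library"):
            continue  # section headers, registry rows, blank lines
        match = ROW.match(line.rstrip())
        if match is None:
            unparsed.append(line)
            continue
        row = match.groupdict()
        row["pid"] = int(row["pid"])
        row["location"] = locate(row["module"], row["host"])
        rows.append(row)
    return rows, unparsed


def group_by_host(rows):
    """Count flagged modules per (host image name, PID) and location label."""
    groups = defaultdict(Counter)
    for row in rows:
        key = (ntpath.basename(row["host"]), row["pid"])
        groups[key][row["location"]] += 1
    return {key: dict(counts) for key, counts in groups.items()}


if __name__ == "__main__":
    parsed, leftover = parse(SAMPLE)
    for (host, pid), counts in sorted(group_by_host(parsed).items()):
        print(f"{host} [{pid}]: {counts}")
    print(f"unparsed Library rows: {len(leftover)}")
```
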

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Norton Internet Security or Avast!.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Here is the FRST log. I didn't realize it created a log b/c it crashed. It looks like maybe I overwrote the first log by running it again, and that the fix worked?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by dl at 2014-09-26 08:54:53 Run:8
Running from C:\Users\dl\Downloads
Loaded Profiles: UpdatusUser & d & dl (Available profiles: UpdatusUser & d & dl)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR Extension: (Auto Refresh Plus) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2013-08-15]
CHR Extension: (Easy Auto Refresh) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2013-05-09]
 
EmptyTemp:
 
*****************
 
C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih directory not found.
C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc directory not found.
 
 
 
I also reran the FRST scan, so here is the log of that.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by dl (ATTENTION: The logged in user is not administrator) on D-HP on 26-09-2014 08:58:17
Running from C:\Users\dl\Downloads
Loaded Profiles: UpdatusUser & d & dl (Available profiles: UpdatusUser & d & dl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Users\dl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Bloomberg L.P.) C:\blp\API\Office Tools\bxlaui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(WebEx) C:\Program Files (x86)\AIM\AIM Pro\aimpro.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Bloomberg L.P.) C:\blp\API\Office Tools\bxladiag.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Dropbox, Inc.) C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(ChessBase GmbH) C:\Program Files\ChessBase\CBase12\CBase12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\dl\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-05-10] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [setDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AIMPro] => C:\Program Files (x86)\AIM\AIM Pro\aimpro.exe [5043528 2007-10-09] (WebEx)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-07-19] (Absolute Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-23] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\Run: [CLRHost] => C:\blp\API\Office Tools\bbxlcmd.exe [273920 2013-03-20] ()
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\Run: [skyDrive] => C:\Users\dl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\Run: [Google Update] => C:\Users\dl\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-14] (Google Inc.)
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\Run: [GoogleChromeAutoLaunch_3BE3EF227D31C3258AE19A7422BA3B94] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\MountPoints2: {301f5bf0-55d5-11e3-b87c-a0b3cc490d23} - F:\AutoRun.exe
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\MountPoints2: {301f5bf2-55d5-11e3-b87c-a0b3cc490d23} - F:\AutoRun.exe
HKU\S-1-5-21-781968581-105214310-1320907150-1003\...\MountPoints2: {605e4673-980e-11e3-b211-a0b3cc490d23} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\original1.Dropbox.lnk
ShortcutTarget: original1.Dropbox.lnk -> C:\Users\dl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dl\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dl\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dl\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dl\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: hp.com/HPDetect -> C:\Users\dl\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\dl\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\dl\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dl\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-23]
 
Chrome: 
=======
CHR Profile: C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-05-09]
CHR Extension: (Google Drive) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09]
CHR Extension: (Session Manager) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2013-05-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-09]
CHR Extension: (Google Search) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-09]
CHR Extension: (White Noise) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjpdnomgodmagfmhojepjlajpoicip [2013-12-17]
CHR Extension: (White Noise) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eliebigndoeiljgegombjpjdacmnpggj [2013-12-17]
CHR Extension: (avast! Online Security) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-23]
CHR Extension: (TweetDeck by Twitter) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-05-09]
CHR Extension: (Reddit PGN viewer.) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hplecpnihkigeaiobbmfnfblepiadjdh [2013-05-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-05-09]
CHR Extension: (Website Logon) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2013-10-28]
CHR Extension: (Hangouts) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-07-19] (Absolute Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-23] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-09-23] (AVAST Software)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-23] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-09-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-23] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-09-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-23] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-23] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-08-21] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-08-21] (IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [563096 2014-08-21] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-14] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ATRK; \??\C:\Users\dl\Dropbox\alapin\TrendMicro AntiThreat Toolkit\hc_attk\atrk64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 08:31 - 2014-09-26 08:31 - 02108928 _____ (Farbar) C:\Users\dl\Downloads\FRST64 (1).exe
2014-09-26 08:26 - 2014-09-26 08:26 - 00000320 _____ () C:\Users\dl\Downloads\fixlist.txt
2014-09-26 08:14 - 2014-09-26 08:14 - 00000000 ____D () C:\Users\dl\Downloads\FRST-OlderVersion
2014-09-25 23:47 - 2014-09-25 23:47 - 00006684 _____ () C:\Users\d\Documents\ark2.txt
2014-09-25 20:41 - 2014-09-25 20:41 - 31766208 _____ (Microsoft Corporation) C:\Users\dl\Downloads\Windows-KB890830-x64-V5.16 (4).exe
2014-09-25 17:52 - 2014-09-25 17:52 - 31766208 _____ (Microsoft Corporation) C:\Users\dl\Downloads\Windows-KB890830-x64-V5.16 (3).exe
2014-09-25 17:35 - 2014-09-25 17:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-25 17:35 - 2014-09-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-25 16:22 - 2014-09-25 16:22 - 31766208 _____ (Microsoft Corporation) C:\Users\dl\Downloads\Windows-KB890830-x64-V5.16 (2).exe
2014-09-25 16:05 - 2014-09-25 16:32 - 00000614 _____ () C:\Users\dl\Downloads\WY2014 Round 5.ini
2014-09-25 16:05 - 2014-09-25 16:05 - 00341044 _____ () C:\Users\dl\Downloads\WY2014 Round 5.pgn
2014-09-25 16:05 - 2014-09-25 16:05 - 00001864 _____ () C:\Users\dl\Downloads\WY2014 Round 5.pgi
2014-09-25 15:43 - 2014-09-25 15:43 - 31766208 _____ (Microsoft Corporation) C:\Users\dl\Downloads\Windows-KB890830-x64-V5.16 (1).exe
2014-09-25 15:40 - 2014-09-25 15:40 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\dl\Downloads\tdsskiller (1).exe
2014-09-25 15:37 - 2014-09-25 15:37 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\dl\Downloads\tdsskiller.exe
2014-09-25 15:34 - 2014-09-25 23:57 - 00006384 _____ () C:\Users\d\Documents\ark.txt
2014-09-25 15:06 - 2014-09-26 08:49 - 00000000 ____D () C:\Users\d\AppData\Local\CrashDumps
2014-09-25 10:49 - 2014-09-25 10:50 - 00380416 _____ () C:\Users\dl\Downloads\cz4v388t.exe
2014-09-25 09:15 - 2014-09-25 09:15 - 31766208 _____ (Microsoft Corporation) C:\Users\dl\Downloads\Windows-KB890830-x64-V5.16.exe
2014-09-24 17:50 - 2014-09-24 17:50 - 00039918 _____ () C:\Users\dl\Downloads\Addition (1).txt
2014-09-24 10:34 - 2014-09-24 10:36 - 00039918 _____ () C:\Users\dl\Downloads\Addition.txt
2014-09-24 10:33 - 2014-09-26 08:58 - 00032197 _____ () C:\Users\dl\Downloads\FRST.txt
2014-09-24 10:22 - 2014-09-24 10:22 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\dl\Downloads\rkill.exe
2014-09-24 09:27 - 2014-09-24 09:28 - 01682416 _____ (Malwarebytes Corporation) C:\Users\dl\Downloads\mbam-check-2.1.1.1001.exe
2014-09-24 08:53 - 2014-09-24 08:53 - 49305024 _____ () C:\Users\dl\Downloads\tws40_upgrade_latest (3).exe
2014-09-24 08:51 - 2014-09-24 08:50 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-24 08:50 - 2014-09-24 08:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-24 08:50 - 2014-09-24 08:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-24 08:50 - 2014-09-24 08:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-24 08:50 - 2014-09-24 08:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-24 08:48 - 2014-09-24 08:48 - 00918440 _____ (Oracle Corporation) C:\Users\dl\Downloads\chromeinstall-7u67.exe
2014-09-24 08:48 - 2014-09-24 08:48 - 00918440 _____ (Oracle Corporation) C:\Users\dl\Downloads\chromeinstall-7u67 (1).exe
2014-09-24 00:30 - 2014-09-26 08:58 - 00000000 ____D () C:\FRST
2014-09-24 00:12 - 2014-09-24 00:12 - 29421992 _____ (Oracle Corporation) C:\Users\dl\Downloads\jre-7u67-windows-i586 (1).exe
2014-09-24 00:02 - 2014-09-24 00:02 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-24 00:02 - 2014-09-24 00:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-24 00:02 - 2014-09-24 00:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-24 00:02 - 2014-09-24 00:02 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-23 23:59 - 2014-09-24 00:00 - 31013800 _____ (Oracle Corporation) C:\Users\dl\Downloads\jre-7u67-windows-x64.exe
2014-09-23 23:59 - 2014-09-24 00:00 - 29421992 _____ (Oracle Corporation) C:\Users\dl\Downloads\jre-7u67-windows-i586.exe
2014-09-23 23:33 - 2014-09-23 23:34 - 01373475 _____ () C:\Users\dl\Downloads\AdwCleaner (1).exe
2014-09-23 20:38 - 2014-09-23 20:38 - 00001952 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-09-23 20:36 - 2014-09-23 20:36 - 00000000 __SHD () C:\Users\d\AppData\Local\EmieUserList
2014-09-23 20:36 - 2014-09-23 20:36 - 00000000 __SHD () C:\Users\d\AppData\Local\EmieSiteList
2014-09-23 20:35 - 2014-09-23 20:35 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-09-23 20:34 - 2014-09-23 20:34 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-09-23 19:14 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-23 19:14 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-23 19:14 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-23 19:14 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-23 19:14 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-23 19:14 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-23 19:14 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-23 19:14 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-23 19:14 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-23 19:14 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-23 19:14 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-23 19:14 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-23 19:14 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-23 19:14 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-23 19:14 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-23 19:14 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-23 19:14 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-23 19:14 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-23 19:14 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-23 19:14 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-23 19:14 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-23 19:14 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-23 19:14 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-23 19:14 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-23 19:14 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-23 19:14 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-23 19:14 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-23 19:14 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-23 19:14 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-23 19:14 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-23 19:14 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-23 19:14 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-23 19:14 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-23 19:14 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-23 19:14 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-23 19:13 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-23 19:13 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-23 19:13 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-23 19:13 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-23 19:13 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-23 19:13 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-23 19:13 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-23 19:13 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-23 19:13 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-23 19:13 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-23 19:13 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-23 19:13 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-23 19:13 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-23 19:13 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-23 19:13 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-23 19:13 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-23 19:13 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-23 19:13 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-23 19:13 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-23 19:13 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-23 19:13 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-23 18:55 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-23 18:55 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-23 18:33 - 2014-09-23 18:33 - 00000000 ____D () C:\Users\d\AppData\Roaming\AVAST Software
2014-09-23 17:31 - 2014-09-23 17:31 - 00000000 ____D () C:\Users\dl\AppData\Roaming\AVAST Software
2014-09-23 17:30 - 2014-09-23 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-23 17:29 - 2014-09-23 17:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-23 17:29 - 2014-09-23 17:29 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-23 17:29 - 2014-09-23 17:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-23 17:29 - 2014-09-23 17:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-23 17:27 - 2014-09-23 17:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-23 17:26 - 2014-09-23 17:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-23 17:24 - 2014-09-23 17:24 - 04862664 _____ (AVAST Software) C:\Users\dl\Downloads\avast_free_antivirus_setup_online.exe
2014-09-23 16:35 - 2014-09-23 17:00 - 00000614 _____ () C:\Users\dl\Downloads\wycc-r3 (1).ini
2014-09-23 16:35 - 2014-09-23 16:35 - 00002008 _____ () C:\Users\dl\Downloads\wycc-r3 (1).pgi
2014-09-23 16:34 - 2014-09-23 16:34 - 00355955 _____ () C:\Users\dl\Downloads\wycc-r3 (1).pgn
2014-09-23 15:08 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:08 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 13:17 - 2014-09-23 17:40 - 00000614 _____ () C:\Users\dl\Downloads\wycc-r3.ini
2014-09-23 13:17 - 2014-09-23 13:17 - 00355955 _____ () C:\Users\dl\Downloads\wycc-r3.pgn
2014-09-23 13:17 - 2014-09-23 13:17 - 00002008 _____ () C:\Users\dl\Downloads\wycc-r3.pgi
2014-09-23 01:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-23 01:44 - 2014-09-23 23:39 - 00000000 ____D () C:\AdwCleaner
2014-09-23 01:43 - 2014-09-23 01:43 - 01373475 _____ () C:\Users\dl\Downloads\AdwCleaner.exe
2014-09-22 14:35 - 2014-09-22 14:35 - 00024242 _____ () C:\Users\dl\Downloads\Max Lu Openings.pgn
2014-09-22 14:13 - 2014-09-22 15:41 - 00000615 _____ () C:\Users\dl\Downloads\wycc-r2.ini
2014-09-22 14:12 - 2014-09-22 14:12 - 00281466 _____ () C:\Users\dl\Downloads\wycc-r2.pgn
2014-09-22 14:12 - 2014-09-22 14:12 - 00001580 _____ () C:\Users\dl\Downloads\wycc-r2.pgi
2014-09-22 09:42 - 2014-09-22 09:42 - 00000000 ____D () C:\Users\dl\Documents\Add-in Express
2014-09-21 16:20 - 2014-09-21 16:20 - 00001472 _____ () C:\Users\dl\Downloads\wycc-r1 (2).pgi
2014-09-21 15:48 - 2014-09-22 00:35 - 00000614 _____ () C:\Users\dl\Downloads\wycc-r1 (1).ini
2014-09-21 15:48 - 2014-09-21 15:48 - 00001472 _____ () C:\Users\dl\Downloads\wycc-r1 (1).pgi
2014-09-21 15:47 - 2014-09-21 15:47 - 00251927 _____ () C:\Users\dl\Downloads\wycc-r1.pgn
2014-09-21 15:47 - 2014-09-21 15:47 - 00251927 _____ () C:\Users\dl\Downloads\wycc-r1 (1).pgn
2014-09-21 15:47 - 2014-09-21 15:47 - 00001472 _____ () C:\Users\dl\Downloads\wycc-r1.pgi
2014-09-18 19:46 - 2014-09-18 19:46 - 00000708 _____ () C:\Users\dl\Downloads\fischer_spassky_1972 (1).pgn
2014-09-15 13:55 - 2014-09-15 13:55 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-15 13:55 - 2014-09-15 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-15 13:54 - 2014-09-15 13:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 13:54 - 2014-09-15 13:55 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 13:54 - 2014-09-15 13:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 13:54 - 2014-09-15 13:54 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 09:30 - 2014-09-14 09:30 - 00000708 _____ () C:\Users\dl\Downloads\fischer_spassky_1972.pgn
2014-09-13 22:57 - 2014-09-13 22:57 - 00006579 _____ () C:\Users\dl\Downloads\max tarrasch french-1.cbv
2014-09-13 14:58 - 2014-09-13 14:58 - 00004977 _____ () C:\Users\dl\Downloads\publically available games max-1.cbv
2014-09-13 14:40 - 2014-09-13 14:40 - 00015791 _____ () C:\Users\dl\Downloads\max games  prior-1 (1).cbv
2014-09-13 14:38 - 2014-09-13 14:41 - 00000817 _____ () C:\Users\dl\Downloads\max games  prior-1.ini
2014-09-13 12:16 - 2014-09-13 12:16 - 00032937 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_09_13_9_13_am (1).pgn
2014-09-13 12:16 - 2014-09-13 12:16 - 00000506 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_09_13_9_13_am (2).pgn
2014-09-13 12:15 - 2014-09-13 12:15 - 00014455 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_09_13_9_13_am.pgn
2014-09-13 09:09 - 2014-09-13 09:10 - 00000611 _____ () C:\Users\dl\Downloads\Tim_Sage_vs_ttny2014_2014_09_02 (1).ini
2014-09-13 09:09 - 2014-09-13 09:09 - 00000562 _____ () C:\Users\dl\Downloads\Tim_Sage_vs_ttny2014_2014_09_02 (1).pgn
2014-09-13 08:56 - 2014-09-13 14:38 - 00015791 _____ () C:\Users\dl\Downloads\max games  prior-1.cbv
2014-09-13 08:55 - 2014-09-13 08:55 - 00001640 _____ () C:\Users\dl\Downloads\max games  prior-1.cbp
2014-09-13 08:55 - 2014-09-13 08:55 - 00001121 _____ () C:\Users\dl\Downloads\max games  prior-1.cbt
2014-09-13 08:55 - 2014-09-13 08:55 - 00000218 _____ () C:\Users\dl\Downloads\max games  prior-1.cbc
2014-09-13 08:55 - 2014-09-13 08:55 - 00000100 _____ () C:\Users\dl\Downloads\max games  prior-1.cbs
2014-09-13 08:53 - 2014-09-13 08:53 - 00013436 _____ () C:\Users\dl\Downloads\max games  prior-1.cba
2014-09-13 08:53 - 2014-09-13 08:53 - 00002417 _____ () C:\Users\dl\Downloads\max games  prior-1.cbg
2014-09-13 08:53 - 2014-09-13 08:53 - 00001592 _____ () C:\Users\dl\Downloads\max games  prior-1.cbj
2014-09-13 08:53 - 2014-09-13 08:53 - 00000966 _____ () C:\Users\dl\Downloads\max games  prior-1.cbh
2014-09-13 08:53 - 2014-09-13 08:53 - 00000093 _____ () C:\Users\dl\Downloads\max games  prior-1.cbtt
2014-09-13 08:45 - 2014-09-20 19:07 - 00000611 _____ () C:\Users\dl\Downloads\ttny2014_vs_sasha_13_2014_09_07 (1).ini
2014-09-13 08:44 - 2014-09-13 08:44 - 00000851 _____ () C:\Users\dl\Downloads\ttny2014_vs_sasha_13_2014_09_07 (1).pgn
2014-09-13 08:36 - 2014-09-13 08:36 - 00000032 _____ () C:\Users\dl\Downloads\max games  prior-1.cbm
2014-09-13 08:36 - 2014-09-13 08:36 - 00000032 _____ () C:\Users\dl\Downloads\max games  prior-1.cbe
2014-09-11 08:11 - 2014-09-11 08:11 - 00000000 ____D () C:\Users\d\Documents\Add-in Express
2014-09-10 19:47 - 2014-09-10 19:47 - 00000616 _____ () C:\Users\dl\Downloads\bartel_lie_2014.pgn
2014-09-09 13:44 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 13:44 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 13:44 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 13:44 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 13:44 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 13:44 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 13:44 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 13:44 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 13:44 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 13:43 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 13:43 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-08 21:36 - 2014-09-08 22:15 - 1051502888 _____ (ChessBase GmbH) C:\Users\dl\Downloads\SetupMega2014.exe
2014-09-08 20:04 - 2014-09-08 20:32 - 484134888 _____ (ChessBase GmbH) C:\Users\dl\Downloads\Setup_Playerbase.exe
2014-09-08 13:38 - 2014-09-08 13:39 - 00000000 ____D () C:\srevice 12
2014-09-07 13:35 - 2014-09-07 13:35 - 00000851 _____ () C:\Users\dl\Downloads\ttny2014_vs_sasha_13_2014_09_07.pgn
2014-09-05 22:29 - 2014-09-05 22:29 - 00000557 _____ () C:\Users\dl\Downloads\ttny2014_vs_MROlsson_2014_09_05 (1).pgn
2014-09-05 22:28 - 2014-09-05 22:28 - 00000557 _____ () C:\Users\dl\Downloads\ttny2014_vs_MROlsson_2014_09_05.pgn
2014-09-02 23:09 - 2014-09-02 23:09 - 00000784 _____ () C:\Users\dl\Downloads\Einherjar521_vs_ttny2014_2014_09_02.pgn
2014-09-02 23:05 - 2014-09-02 23:05 - 00000669 _____ () C:\Users\dl\Downloads\ttny2014_vs_Einherjar521_2014_09_02.pgn
2014-09-02 22:54 - 2014-09-02 22:54 - 00000562 _____ () C:\Users\dl\Downloads\Tim_Sage_vs_ttny2014_2014_09_02.pgn
2014-09-01 19:04 - 2014-09-01 19:04 - 01057176 _____ (Adobe) C:\Users\dl\Downloads\install_flashplayer14x32axau_mssa_aaa_aih.exe
2014-09-01 18:59 - 2014-09-01 18:59 - 00000655 _____ () C:\Users\dl\Downloads\ttny2014_vs_miky876_2014_09_01.pgn
2014-09-01 18:56 - 2014-09-01 18:56 - 00001296 _____ () C:\Users\dl\Downloads\SpinZero_vs_ttny2014_2014_08_31 (1).pgn
2014-08-31 21:06 - 2014-08-31 21:06 - 00001296 _____ () C:\Users\dl\Downloads\SpinZero_vs_ttny2014_2014_08_31.pgn
2014-08-31 20:17 - 2014-08-31 20:17 - 00007067 _____ () C:\Users\dl\Downloads\MaximillianLu.pgn
2014-08-31 10:53 - 2014-08-31 10:53 - 116272896 _____ (Microsoft Corporation) C:\Users\dl\Downloads\msert (15).exe
2014-08-31 09:29 - 2014-08-31 10:52 - 00000000 ____D () C:\Users\d\AppData\Local\NPE
2014-08-31 09:29 - 2014-08-31 09:29 - 03077584 ____N (Symantec Corporation) C:\Users\dl\Downloads\NPE.exe
2014-08-31 09:17 - 2014-08-31 09:26 - 00000000 ____D () C:\Users\d\AppData\Roaming\Skype
2014-08-31 09:17 - 2014-08-31 09:17 - 00000000 ____D () C:\Users\d\AppData\Local\Skype
2014-08-30 13:31 - 2014-08-30 13:31 - 00032139 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_08_30_10_27_am (1).pgn
2014-08-30 13:31 - 2014-08-30 13:31 - 00031772 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_08_30_10_27_am (2).pgn
2014-08-30 13:31 - 2014-08-30 13:31 - 00030151 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_08_30_10_27_am.pgn
2014-08-30 13:30 - 2014-08-30 13:30 - 00032383 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_08_30_10_28_am (1).pgn
2014-08-30 13:30 - 2014-08-30 13:30 - 00029989 _____ () C:\Users\dl\Downloads\chess_com_games_(17182444)-2014_08_30_10_28_am.pgn
2014-08-28 06:24 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:24 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:24 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 08:55 - 2013-05-10 22:07 - 00000000 ____D () C:\Users\dl\AppData\Local\CrashDumps
2014-09-26 08:52 - 2013-05-09 11:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 08:48 - 2009-07-14 00:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 08:48 - 2009-07-14 00:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 08:43 - 2013-05-09 11:21 - 01829341 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 08:42 - 2013-05-13 00:56 - 00000000 ___RD () C:\Users\dl\Dropbox
2014-09-26 08:41 - 2014-07-07 01:27 - 00000000 ___RD () C:\Users\dl\OneDrive
2014-09-26 08:41 - 2013-05-09 14:45 - 00000000 ____D () C:\Users\dl\AppData\Roaming\Dropbox
2014-09-26 08:41 - 2013-05-09 14:34 - 00000000 ____D () C:\Users\dl\AppData\Roaming\Skype
2014-09-26 08:39 - 2013-08-14 22:55 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-09-26 08:39 - 2013-08-12 10:08 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-09-26 08:39 - 2013-05-09 11:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 08:38 - 2014-05-25 13:19 - 00007199 _____ () C:\Windows\setupact.log
2014-09-26 08:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 08:30 - 2014-08-14 17:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781968581-105214310-1320907150-1003UA.job
2014-09-26 08:13 - 2013-05-09 12:51 - 00000000 ____D () C:\Jts
2014-09-26 08:06 - 2014-05-27 12:27 - 00561940 _____ () C:\Windows\PFRO.log
2014-09-26 08:06 - 2013-05-09 10:39 - 00000000 ____D () C:\ProgramData\Norton
2014-09-26 08:05 - 2013-05-26 19:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 20:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-25 17:35 - 2012-02-29 19:20 - 00000000 ____D () C:\ProgramData\Skype
2014-09-25 17:30 - 2014-08-14 17:25 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781968581-105214310-1320907150-1003Core.job
2014-09-25 15:08 - 2014-01-25 09:58 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleFordl.job
2014-09-25 14:21 - 2014-07-07 01:27 - 00002161 _____ () C:\Users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-25 00:18 - 2013-05-09 11:57 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 08:54 - 2014-01-15 00:06 - 00001928 _____ () C:\Users\Public\Desktop\TWS Previous Version.LNK
2014-09-24 08:54 - 2013-05-09 12:51 - 00002032 _____ () C:\Users\Public\Desktop\Trader Workstation 4.0.LNK
2014-09-24 08:54 - 2013-05-09 12:51 - 00000563 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check for TWS Updates.lnk
2014-09-24 08:54 - 2013-05-09 12:51 - 00000043 _____ () C:\Windows\ib.ini
2014-09-24 08:51 - 2013-10-19 13:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-24 02:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 00:06 - 2013-05-09 11:21 - 00000000 ____D () C:\Users\d
2014-09-23 23:50 - 2013-08-14 22:55 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-09-23 23:49 - 2013-08-14 22:55 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-09-23 20:48 - 2009-07-14 00:45 - 00314512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-23 20:13 - 2014-04-10 09:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 19:12 - 2013-05-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-23 19:10 - 2014-03-22 17:51 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-23 19:10 - 2009-07-14 01:13 - 00775124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 19:09 - 2013-07-21 18:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-23 18:53 - 2014-05-08 12:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-23 18:43 - 2014-01-26 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-23 17:26 - 2013-05-10 12:28 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-23 15:05 - 2012-02-29 19:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 15:05 - 2012-02-29 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:42 - 2013-05-11 05:36 - 00000000 ____D () C:\Users\dl\AppData\Stockwatch
2014-09-21 16:17 - 2013-09-07 04:33 - 00000720 _____ () C:\Users\dl\Downloads\PEPBTBsmp.ini
2014-09-21 13:59 - 2013-05-11 00:36 - 00000000 ____D () C:\Users\dl\AppData\Roaming\Apple Computer
2014-09-17 19:07 - 2013-05-13 00:56 - 00001004 _____ () C:\Users\dl\Desktop\Dropbox.lnk
2014-09-17 19:07 - 2013-05-13 00:52 - 00000000 ____D () C:\Users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 15:35 - 2013-06-01 15:55 - 00000000 ____D () C:\Axys3
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 08:11 - 2014-07-22 14:27 - 00004014 _____ () C:\Users\d\AppData\AppUpdate.log
2014-09-11 08:11 - 2014-07-17 09:46 - 00000000 ____D () C:\Users\d\AppData\Stockwatch
2014-09-09 00:19 - 2013-05-11 10:07 - 00000000 ____D () C:\Users\dl\Documents\ChessBase
2014-09-05 13:31 - 2013-08-12 10:07 - 00000000 ____D () C:\Temp
2014-09-01 13:38 - 2013-05-11 00:40 - 00000000 ____D () C:\Users\dl\AppData\Local\Bloomberg
2014-08-31 09:25 - 2014-07-07 09:19 - 00000000 ___RD () C:\Users\dl\Google Drive
2014-08-31 09:24 - 2013-05-09 11:24 - 00000000 ____D () C:\Users\d\AppData\Roaming\hpqlog
2014-08-31 09:21 - 2013-05-09 11:24 - 00000000 ____D () C:\Users\d\AppData\Roaming\Hewlett-Packard
2014-08-30 13:56 - 2014-06-15 10:25 - 00000000 ____D () C:\Users\d\AppData\Roaming\Apple Computer
2014-08-29 13:01 - 2013-05-10 12:54 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-27 19:45 - 2014-08-23 01:11 - 00000000 ____D () C:\ProgramData\firebird
2014-08-27 19:32 - 2014-08-23 01:10 - 00000000 ____D () C:\Users\dl\Documents\Chess Position Trainer 4
 
Some content of TEMP:
====================
C:\Users\dl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsud1v.dll
C:\Users\dl\AppData\Local\Temp\Extract.exe
C:\Users\dl\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/26/2014
Scan Time: 9:01:14 AM
Logfile: 
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.09.26.04
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dl

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288290
Time Elapsed: 7 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


I won´t do a system restore here.

 

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

 
 
 
Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


After running these I still get the popup. Again, only for some websites.

 

~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x64
Ran by d on Mon 09/29/2014 at 21:32:49.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70AC9BAC-E975-40CE-B361-AE6048A26D49}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{70AC9BAC-E975-40CE-B361-AE6048A26D49}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/29/2014 at 21:40:27.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.310 - Report created 29/09/2014 at 20:54:48
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : d - D-HP
# Running from : C:\Users\dl\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2750 octets] - [23/09/2014 01:44:27]
AdwCleaner[R1].txt - [2814 octets] - [23/09/2014 23:34:25]
AdwCleaner[R2].txt - [1053 octets] - [29/09/2014 09:59:09]
AdwCleaner[R3].txt - [1114 octets] - [29/09/2014 10:06:50]
AdwCleaner[R4].txt - [1174 octets] - [29/09/2014 20:51:03]
AdwCleaner[s0].txt - [2606 octets] - [23/09/2014 23:38:48]
AdwCleaner[s1].txt - [1098 octets] - [29/09/2014 20:54:48]

########## EOF - \AdwCleaner\AdwCleaner[s1].txt - [1158 octets] ##########

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 9/29/2014 7:45:00 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.2, 2014.9.29.4,
Protection, 9/29/2014 7:45:26 AM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 7:45:26 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 7:45:27 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 7:45:45 AM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 7:45:46 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 7:45:46 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 8:39:57 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.4, 2014.9.29.5,
Protection, 9/29/2014 8:39:58 AM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 8:39:58 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 8:39:58 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 8:40:04 AM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 8:40:04 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 8:40:05 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 9:45:59 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.5, 2014.9.29.6,
Protection, 9/29/2014 9:46:00 AM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 9:46:00 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 9:46:00 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 9:46:06 AM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 9:46:06 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 9:46:07 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 10:44:42 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.6, 2014.9.29.7,
Protection, 9/29/2014 10:44:49 AM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 10:44:50 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 10:44:50 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 10:44:56 AM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 10:44:56 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 10:44:56 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 12:41:06 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.7, 2014.9.29.9,
Protection, 9/29/2014 12:41:07 PM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 12:41:08 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 12:41:08 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 12:41:14 PM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 12:41:14 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 12:41:15 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 2:30:21 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.9, 2014.9.29.11,
Protection, 9/29/2014 2:30:22 PM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 2:30:23 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 2:30:23 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 2:30:29 PM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 2:30:29 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 2:30:30 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 5:59:24 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.11, 2014.9.29.12,
Protection, 9/29/2014 5:59:24 PM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 5:59:25 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 5:59:25 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 5:59:39 PM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 5:59:39 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 5:59:40 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 8:02:38 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.12, 2014.9.29.14,
Protection, 9/29/2014 8:02:39 PM, SYSTEM, D-HP, Protection, Refresh, Starting,
Protection, 9/29/2014 8:02:39 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 8:02:40 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 8:03:40 PM, SYSTEM, D-HP, Protection, Refresh, Success,
Protection, 9/29/2014 8:03:40 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 8:03:41 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Protection, 9/29/2014 9:56:28 PM, SYSTEM, D-HP, Protection, Malware Protection, Starting,
Protection, 9/29/2014 9:56:28 PM, SYSTEM, D-HP, Protection, Malware Protection, Started,
Protection, 9/29/2014 9:56:29 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 9:57:44 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,
Detection, 9/29/2014 9:59:49 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49974, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/29/2014 9:59:49 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49974, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/29/2014 9:59:49 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49975, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 9/29/2014 10:13:27 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Protection, 9/29/2014 10:23:57 PM, SYSTEM, D-HP, Protection, Malware Protection, Starting,
Protection, 9/29/2014 10:23:58 PM, SYSTEM, D-HP, Protection, Malware Protection, Started,
Protection, 9/29/2014 10:23:58 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 10:24:18 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started,

(end)


Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by dl at 2014-09-30 09:28:20
Running from C:\Users\dl\Downloads
Boot Mode: Normal

================== Search Registry: "searchnet;blinkxcore" ===========

===================== Search result for "searchnet" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"

===================== Search result for "blinkxcore" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"

====== End Of Search ======


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Hi, I get the error: application has generated an exception that could not be handled. Process id = 0x1990, thread id = 0x1e50 (7760)

click Ok to terminate the application

click cancel to debug the application. 

the program did produce a log though

 

Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by dl at 2014-09-30 09:28:20
Running from C:\Users\dl\Downloads
Boot Mode: Normal
 
================== Search Registry: "searchnet;blinkxcore" ===========
 
 
===================== Search result for "searchnet" ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"
 
===================== Search result for "blinkxcore" ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"
====== End Of Search ======

Sorry, I pasted the wrong log; here is the correct one.

 

ComboFix 14-09-29.02 - d 09/30/2014  11:07:32.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16279.10905 [GMT -4:00]
Running from: c:\users\dl\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\d\AppData\Local\assembly\tmp
c:\users\dl\AppData\Local\assembly\tmp
c:\windows\TEMP\jna8557937401749638396.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-28 to 2014-09-30  )))))))))))))))))))))))))))))))
.
.
2014-09-30 15:19 . 2014-09-30 15:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-30 15:19 . 2014-09-30 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-30 15:19 . 2014-09-30 15:19 -------- d-----w- c:\users\d\AppData\Local\temp
2014-09-30 05:33 . 2014-09-30 05:33 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2250873-2B3C-4572-9953-03A7EA2E196C}\offreg.dll
2014-09-30 02:30 . 2014-09-30 02:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-09-30 02:08 . 2014-09-30 02:43 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-09-30 01:47 . 2014-09-30 15:18 -------- d-----w- c:\users\d\AppData\Local\assembly
2014-09-30 01:32 . 2014-09-30 01:32 -------- d-----w- c:\windows\ERUNT
2014-09-26 16:18 . 2014-09-30 15:18 -------- d-----w- c:\users\dl\AppData\Local\assembly
2014-09-26 06:09 . 2014-09-15 06:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2250873-2B3C-4572-9953-03A7EA2E196C}\mpengine.dll
2014-09-25 21:35 . 2014-09-25 21:35 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-25 21:35 . 2014-09-25 21:35 -------- d-----r- c:\program files (x86)\Skype
2014-09-25 19:06 . 2014-09-26 12:49 -------- d-----w- c:\users\d\AppData\Local\CrashDumps
2014-09-24 12:51 . 2014-09-24 12:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-09-24 12:50 . 2014-09-24 12:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-24 12:50 . 2014-09-24 12:50 -------- d-----w- c:\program files (x86)\Java
2014-09-24 04:30 . 2014-09-30 13:28 -------- d-----w- C:\FRST
2014-09-24 04:02 . 2014-09-24 04:02 319912 ----a-w- c:\windows\system32\javaws.exe
2014-09-24 04:02 . 2014-09-24 04:02 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-24 04:02 . 2014-09-24 04:02 189352 ----a-w- c:\windows\system32\javaw.exe
2014-09-24 04:02 . 2014-09-24 04:02 189352 ----a-w- c:\windows\system32\java.exe
2014-09-24 00:36 . 2014-09-24 00:36 -------- d-sh--w- c:\users\d\AppData\Local\EmieUserList
2014-09-24 00:36 . 2014-09-24 00:36 -------- d-sh--w- c:\users\d\AppData\Local\EmieSiteList
2014-09-24 00:35 . 2014-09-24 00:35 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-09-24 00:34 . 2014-09-24 00:34 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-09-23 23:13 . 2014-08-18 22:18 639488 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-09-23 22:55 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-23 22:55 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-23 22:33 . 2014-09-23 22:33 -------- d-----w- c:\users\d\AppData\Roaming\AVAST Software
2014-09-23 21:31 . 2014-09-23 21:31 -------- d-----w- c:\users\dl\AppData\Roaming\AVAST Software
2014-09-23 21:29 . 2014-09-23 21:29 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-23 21:29 . 2014-09-23 21:29 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-23 21:29 . 2014-09-23 21:29 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-23 21:29 . 2014-09-23 21:29 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-23 21:29 . 2014-09-23 21:29 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-23 21:29 . 2014-09-23 21:29 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-23 21:29 . 2014-09-23 21:29 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-23 21:29 . 2014-09-23 21:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-23 21:29 . 2014-09-23 21:29 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-23 21:29 . 2014-09-23 21:29 43152 ----a-w- c:\windows\avastSS.scr
2014-09-23 21:27 . 2014-09-23 21:27 -------- d-----w- c:\program files\AVAST Software
2014-09-23 21:26 . 2014-09-23 21:27 -------- d-----w- c:\programdata\AVAST Software
2014-09-23 19:08 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-23 19:08 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-23 05:45 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-23 05:44 . 2014-09-30 00:55 -------- d-----w- C:\AdwCleaner
2014-09-15 17:54 . 2014-09-15 17:54 -------- d-----w- c:\program files\iPod
2014-09-15 17:54 . 2014-09-15 17:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 17:54 . 2014-09-15 17:55 -------- d-----w- c:\program files\iTunes
2014-09-15 17:54 . 2014-09-15 17:55 -------- d-----w- c:\program files (x86)\iTunes
2014-09-09 17:44 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-09 17:44 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-09 17:44 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-09 17:44 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-09 17:44 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-09 17:44 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-09 17:44 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-09 17:44 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-09 17:44 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-09 17:43 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-09 17:43 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 17:38 . 2014-09-08 17:39 -------- d-----w- C:\srevice 12
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-30 02:23 . 2013-08-15 02:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2014-09-30 02:23 . 2013-08-12 14:08 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2014-09-24 03:50 . 2013-08-15 02:55 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-09-24 03:49 . 2013-08-15 02:55 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2014-09-24 00:13 . 2014-04-10 13:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-23 22:32 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-23 19:05 . 2012-02-29 23:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 19:05 . 2012-02-29 23:10 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 13:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-08-29 17:01 . 2013-05-10 16:54 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-28 10:24 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 10:24 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 10:24 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-21 20:03 . 2014-01-26 15:09 536984 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 16:38 . 2014-07-18 16:38 491008 ----a-r- c:\users\dl\AppData\Roaming\Microsoft\Installer\{19C7ABD4-4445-48B0-9D02-5A706D080688}\RDMC.exe
2014-07-18 16:38 . 2014-07-18 16:38 481280 ----a-r- c:\users\dl\AppData\Roaming\Microsoft\Installer\{19C7ABD4-4445-48B0-9D02-5A706D080688}\EikonDesktop.exe
2014-07-18 16:38 . 2014-07-18 16:38 318976 ----a-r- c:\users\dl\AppData\Roaming\Microsoft\Installer\{19C7ABD4-4445-48B0-9D02-5A706D080688}\EikonExcel.exe
2014-07-14 02:02 . 2014-08-13 22:41 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 22:41 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 22:42 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 22:42 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 22:42 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AIMPro"="c:\program files (x86)\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2013-07-19 85864]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-08-29 440632]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-23 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
original1.desktop.ini [2013-5-10 174]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2013-4-8 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [x]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R3 ATRK;ATRK;c:\users\dl\Dropbox\alapin\TrendMicro AntiThreat Toolkit\hc_attk\atrk64.sys;c:\users\dl\Dropbox\alapin\TrendMicro AntiThreat Toolkit\hc_attk\atrk64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 RapportCerberus_80049;RapportCerberus_80049;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 03:52 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-29 19:05]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 15:57]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 15:57]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781968581-105214310-1320907150-1003Core.job
- c:\users\dl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-14 21:25]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781968581-105214310-1320907150-1003UA.job
- c:\users\dl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-14 21:25]
.
2014-09-29 c:\windows\Tasks\HPCeeScheduleFordl.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-23 21:29 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-05-11 1425408]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-25 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-25 398616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-07-09 21720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{824C7CCD-F389-42FE-AA64-6469601361B5}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
c:\users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\original1.Dropbox.lnk - c:\users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Bloomberg Keyboard v11.1 - c:\windows\System32\drivers\UNWISE.EXE
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
@DACL=(02 0000)
@="SyncingOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
@DACL=(02 0000)
@="ErrorOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
@DACL=(02 0000)
@="SkyDriveEx"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}]
@DACL=(02 0000)
@="SynTPCpl0"
"LocalizedString"="Synaptics TouchPad V8.1"
"System.ApplicationName"="Synaptics.SynTPCpl0"
"System.ControlPanel.Category"="2"
"System.Software.TasksFileUrl"="c:\\ProgramData\\Synaptics\\SynTP\\SynTPCpl0.xml"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
@DACL=(02 0000)
@="UpToDateOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
@DACL=(02 0000)
@="SyncFileInformationProvider Class"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-30  11:24:54
ComboFix-quarantined-files.txt  2014-09-30 15:24
.
Pre-Run: 249,573,908,480 bytes free
Post-Run: 249,311,731,712 bytes free
.
- - End Of File - - 552A4E9A9C1636B6CE1657C8FFF6079C
This topic is now closed to further replies.