Cannot start mbam or its services


sreigle

Note - the forum says my post is too long so am instead attaching farbar logs and hijack this log as files.

 

Symptoms:
- MBAM Premium will not start
- Chameleon cannot start mbam (tried all 13 buttons)
- Internet connection is slow and jerky. It is normally fast cable internet. Wife's laptop connection is fine, so the cable is not the problem.

Sequence of events (may have forgotten some):
2 or 3 weeks ago:
- MBAM would not start. Internet was jerky and slow.
- Started safe mode. Started MBAM. During scan, computer suddenly powered off.
- started safe mode. While trying to start MBAM, computer powered off.
- started safe mode with dos prompt. Ran Chameleon. Tried all 13 buttons. None would start mbam.
- uninstalled mbam and reinstalled from my copy of an earlier version of mbam. It installed and immediately downloaded and tried to install the current version but got errors and could not install properly.
- Fully restored drive C from a two-month old backup to make sure it was prior to the problems. The backup included the current mbam which then updated definitions.
- All was well for roughly a week.

About a week ago:
All was well for about a week when the above symptoms started again.
- tried starting safe mode but laptop powered off each time.
- tried Chameleon in regular windows. Could not start mbam.
- Started regular windows. First move of the mouse the laptop powered off. Did this three times before it stopped doing that.

- Fully restored drive C from the point above (about a week back).
- uninstalled Microsoft Security Essentials anti-virus and installed the free version of Avast.
- Avast found several problems and fixed them. Did both in-windows full system scan and boot-time scan. Problems fixed each time.
- All was fine but noticed Norton Ghost backup had got confused and I no longer had the source files for the above backups. Ghost started over in other words.
- After roughly a week the above symptoms returned.
- downloaded and ran malwarebytes' anti-rootkit beta but it found nothing.

At this time:
- cannot start mbam
- tried starting mbamservice.exe and mbamscheduler.exe services from admin tools/services. Both try to start but do not. Message is that they "terminated unexpectedly."
- Avast finds no problems, both with full system in-windows scan and boot time scan. It did find some corrupted google earth compressed files and one corrupted Garmin compressed file. Have since uninstalled google earth and deleted that folder.

Have seen other posts here about this problem but the assistance seems to be individualized. I need some help/guidance here. Can someone help?
I am very reluctant to just reformat and reinstall everything.
Per this forum, below are pasted the logs for
last Malwarebytes Anti-Malware log - xml format
Farbar - frst.txt and addition.txt
HijackThis - log file

Thanks. Will appreciate any help you can give me.

--------------- start Malwarebytes log -
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/10/08 05:03:17 -0700</date>
<logfile>mbam-log-2014-10-08 (05-03-15).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.10.08.03</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>enabled</self-protection>
</engine>
<system>
<osversion>Windows 7</osversion>
<arch>x64</arch>
<username>Steve</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>335491</objects>
<time>2783</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
--------- end malware log ------------
farbar frst.txt and addition.txt and hijack this log are attached as files.

Addition.txt

FRST.txt

hijackthis.log


When I try to rename it, it says I have to provide Administrator permission to rename the file. I have just one user account on this system and it is an Administrator. So how can I rename this? Last I checked I was not able to start safe mode.

 

I also tried renaming it from a cmd prompt but "access is denied."


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


- note - no problem using regedit if you want me to modify the registry. I'm a retired techie (old) who is not current with current software and hardware technologies but I have the basics. Bought my first home computer in 1980. This just to give you a comfort level with whatever you ask me to do.

- disabled Avast for the duration except for a short period the first time I tried to run RogueKiller. It was stuck in "Initialization" for 15 minutes until I disabled Avast. I ended up running it again anyhow. See below about that.

- where I say "log attached" it may be copied/pasted as requested unless the post is too long. Then it's attached.

A separate question for you... should I enable self protection for mbam? I had it enabled previously. Anything else I should set other than what's in your prior post?

Here's the sequence of events for my running the tests and all that you outlined:

1. Ran Rkill. Log attached.
2. Ran erunt.
3. mbam would not start.
4. did the mbam-clean process as outlined in the link. Note: I have mbam premium.
5. Installed the latest mbam, downloaded a couple of days ago.
6. Mbam started!
7. Activated, did the update, and made the recommended settings changes.
8. Ran a threat scan - nothing detected. Log attached.
9. rebooted
10. Mbam started with the boot process!  ***NOTE: just noticed I have no right-click context menu on the tray icon. I can double-click and bring up mbam but no context menu.***
11. Reactivated Avast.
12. Started RogueKiller64
13. RK64 was stuck in initialization for 15 minutes until I deactivated Avast again.
14. No report from RK64. I had not pressed the Report button. Ran RK64 again, this time without activating Avast. It went much quicker. Clicked the report button and saved the report that came up. Report attached.

Here are the reports:
-----RKILL log 1-----
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 10/15/2014 12:01:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/15/2014 12:03:55 PM
Execution time: 0 hours(s), 2 minute(s), and 10 seconds(s)
-----end rkill log 1-----

-----rkill log 2-----
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 10/15/2014 12:29:56 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/15/2014 12:32:43 PM
Execution time: 0 hours(s), 2 minute(s), and 47 seconds(s)
-----end rkill log 2-----

-----mbam threat log-----
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/15/2014
Scan Time: 12:44:57 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.15.08
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337710
Time Elapsed: 28 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
------end mbam threat log-----

-----RogueKiller64 log-----
RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Steve [Administrator]
Mode : Scan -- Date : 10/15/2014  14:00:23

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Run | PCShowServer : C:\Users\Steve\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Run | PCShowServer : C:\Users\Steve\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.yahoo.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.yahoo.com/  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DE6421C2-A2F9-47BB-AD0C-3FC7132A7634} | DhcpNameServer : 172.16.0.1  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2685816709-1183233577-2187356989-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 190 (Driver: Loaded) ¤¤¤
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriver2A : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf159b8
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriver2W : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf23a64
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriverA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf18ecc
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriverDirectoryA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf191d8
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriverDirectoryW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf23cfc
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriverPackagePathA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf38e9c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriverPackagePathW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf3952c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterDriverW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf23a2c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetPrinterW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1c3ec
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - GetSpoolFileHandle : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1de1c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - InstallPrinterDriverFromPackageA : C:\Windows\system32\WINSPOOL.DRV @

0x7fefaf387ec
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - InstallPrinterDriverFromPackageW : C:\Windows\system32\WINSPOOL.DRV @

0x7fefaf391a4
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - IsValidDevmodeA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf17f00
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - IsValidDevmodeW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf21d6c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - OpenPrinter2A : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf159b8
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - OpenPrinter2W : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf2f464
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - OpenPrinterA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf158b8
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - OpenPrinterW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf2ee1c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PerfClose : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf3a3cc
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PerfCollect : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf3a268
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PerfOpen : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf3a120
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PlayGdiScriptOnPrinterIC : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf20164
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PrinterMessageBoxA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf17764
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PrinterMessageBoxW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf202f4
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - PrinterProperties : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf27178
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - QueryColorProfile : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf20f0c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - QueryRemoteFonts : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf20238
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - QuerySpoolMode : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf21030
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - ReadPrinter : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1d394
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - RegisterForPrintAsyncNotifications : C:\Windows\system32\WINSPOOL.DRV @

0x7fefaf381f4
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - ReportJobProcessingProgress : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf38754
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - ResetPrinterA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf159d4
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - ResetPrinterW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf223d8
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - ScheduleJob : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf25294
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SeekPrinter : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1cf38
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetDefaultPrinterA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf17f1c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetDefaultPrinterW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf2e854
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetFormA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1749c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetFormW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1f694
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetJobA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf15aa8
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetJobW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1bac0
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPortA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf17e0c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPortW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf211ac
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPrinterA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf15d90
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPrinterDataA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf16a44
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPrinterDataExA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf16b20
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPrinterDataExW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1e814
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPrinterDataW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1e720
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SetPrinterW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1bd50
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SplDriverUnloadComplete : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1e92c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SpoolerDevQueryPrintW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf26b20
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - SpoolerPrinterEvent : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf26e70
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - StartDocDlgA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf1b044
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - StartDocDlgW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf25878
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - StartDocPrinterA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf16820
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - StartDocPrinterW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf2426c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - StartPagePrinter : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf24910
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - UnRegisterForPrintAsyncNotifications : C:\Windows\system32\WINSPOOL.DRV @

0x7fefaf382e0
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - UploadPrinterDriverPackageA : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf3898c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - UploadPrinterDriverPackageW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf3975c
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - WaitForPrinterChange : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf2dcac
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - WritePrinter : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf24f84
[EAT:Addr] (explorer.exe) WLIDNSP.DLL - XcvDataW : C:\Windows\system32\WINSPOOL.DRV @ 0x7fefaf21254

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 2p7e7n2m.default : user_pref("browser.startup.homepage", "http://my.yahoo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3276GSX +++++
--- User ---
[MBR] a304b927090d71b90581e8faf90ea665
[bSP] 8943ad645efd962f443b8c8cf2dddf29 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 15000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 30722048 | Size: 290144 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD 5000AAC External USB Device +++++
--- User ---
[MBR] a0dd5729daf2e9c10b40f19bb971fcf9
[bSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: WD My Book 1130 USB Device +++++
--- User ---
[MBR] 05057e01396b4cba6c1a5d56ad4ddfb9
[bSP] 8269ede672a8e14161b3829f58e1fc1d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_10152014_134944.log
-----end RogueKiller64 log-----


  • Root Admin

It's possible that a reboot or other scan cleaned up something that was blocking it. Not showing anything specific.

I would like to go ahead though and run through some other scans and cleans just to make sure all is okay. Just remember that your antivirus will try to block these tools so it needs to be disabled when running them, and then re-enabled once done.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Avast tells me adwcleaner.exe from bleepingcomputer is infected with Win32:Evo-gen [susp]. I downloaded it anyhow but will not run it until I hear from you that it's ok.

I like to download all the scanners ahead of time and then go down your instructions, step by step.

I'll not run any of the above until I hear from you about adwcleaner.

Thanks.


Ron, just letting you know I'm running the online scanner and it's taking a very long time (lots and lots to scan). Since you mentioned earlier that it was late where you are (at that time) and it was not late here, we probably have a significant timezone difference. I'm on the west coast. When all the scans are completed I will post the results here but am not thinking you'll be able to respond today. Just when you can. Thanks.

The online scan has run an hour and 52 minutes and is 33% complete. It is 4:30 pm here so it will be late before everything is done.

Steve


1. Ran JRT.exe - note, before this my mbam tray icon had no right context menu even after rebooting. Now the context menu is back.
- log attached

2. Ran AdwCleaner - log attached.

3. Ran MBAM Threat scan - log attached

4. Ran eset online scan - 1 threat found (in winzip installation file). - log attached.

5. Ran Farbar. It got an updated version (I had downloaded earlier today) - both logs attached.

-----jrt log-----
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Steve on Thu 10/16/2014 at 13:08:08.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders




~~~ FireFox

Successfully deleted: [File] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\2p7e7n2m.default\user.js
Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\2p7e7n2m.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/16/2014 at 13:21:24.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----AdwCleaner log-----
# AdwCleaner v4.000 - Report created 16/10/2014 at 13:41:38
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Steve - STEVEDELL
# Running from : C:\Users\Steve\Desktop\malwarebytes\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Steve\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Steve\AppData\Roaming\HPAppData

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [1319 octets] - [16/10/2014 13:35:27]
AdwCleaner[s0].txt - [1048 octets] - [16/10/2014 13:41:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1108 octets] ##########

-----MBAM Threat Scan log-----
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/16/2014
Scan Time: 1:48:11 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.16.07
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338134
Time Elapsed: 32 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

-----eset online scan log-----
G:\Installed Dell Inspiron\winzip17.5\WinZip175.exe    a variant of Win32/OpenInstall potentially unwanted application

----- Farbar FRST.txt log-----
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Steve (administrator) on STEVEDELL on 16-10-2014 17:16:11
Running from C:\Users\Steve\Desktop\malwarebytes\Farbar Recovery Scan Tool
Loaded Profile: Steve (Available profiles: Steve)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(NDS Technologies) C:\Users\Steve\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Users\Steve\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3195248 2010-03-05] (Dell Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2011-01-14] (Dell Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-28] (AVAST Software)
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2685816709-1183233577-2187356989-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2685816709-1183233577-2187356989-1001\...\Run: [PCShowServer] => C:\Users\Steve\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [1625440 2013-10-02] (NDS Technologies)
HKU\S-1-5-21-2685816709-1183233577-2187356989-1001\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2685816709-1183233577-2187356989-1001\...\Policies\Explorer: [NoInternetOpenWith] 0
HKU\S-1-5-21-2685816709-1183233577-2187356989-1001\...\Policies\Explorer: [NoExpandedNewMenu] 0
HKU\S-1-5-21-2685816709-1183233577-2187356989-1001\...\MountPoints2: {79d528a4-d902-11e1-b095-f04da2a10497} - E:\ZTE_Handset_USB_Driver.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090116
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {409E944C-418D-420C-9535-1D61CEA56A23} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default
FF Homepage: hxxp://my.yahoo.com/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Steve\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Steve\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Garmin Communicator - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-26]
FF Extension: Flashblock - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-08-25]
FF Extension: Cookie Controller - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2014-08-23]
FF Extension: Adblock Plus - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-25]
FF Extension: Tab Mix Plus - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-08-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-28]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (Webpage Screenshot) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-02-21]
CHR Extension: (Image Downloader) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-02-21]
CHR Extension: (Screen Capture (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2014-02-21]
CHR Extension: (Share link via email) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-02-21]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-02-21]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj [2014-02-21]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-21]
CHR Extension: (avast! Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-01]
CHR Extension: (Disconnect) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-04-21]
CHR Extension: (Google Maps) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-21]
CHR Extension: (FlashControl) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-02-21]
CHR Extension: (Session Manager) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Hover Zoom) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-02-21]
CHR Extension: (Auto Refresh Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2014-02-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Steve\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-28] (AVAST Software)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2011-01-14] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-28] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-28] ()
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2011-03-07] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 NwGPSOverWiFi64; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
R3 nwusbserial; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2011-03-07] (ZTE Incorporated)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 14:32 - 2014-10-16 14:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-16 13:35 - 2014-10-16 13:41 - 00000000 ____D () C:\AdwCleaner
2014-10-16 13:07 - 2014-10-16 13:07 - 00000000 ____D () C:\Windows\ERUNT
2014-10-16 13:06 - 2014-10-16 13:06 - 00001191 _____ () C:\Users\Steve\Desktop\post - third followup.lnk
2014-10-16 09:14 - 2014-10-16 09:14 - 00006128 _____ () C:\Users\Steve\Desktop\[#UST-862-41597] 'Show Results' does not work when 'threat detected' message.eml
2014-10-15 21:04 - 2014-10-15 21:04 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Steve\Downloads\mbam-check-2.1.1.1001.exe
2014-10-15 15:26 - 2014-10-15 15:26 - 00007625 _____ () C:\Users\Steve\Desktop\New reply to Cannot start mbam or its services.eml
2014-10-15 13:32 - 2014-10-15 13:55 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-15 13:32 - 2014-10-15 13:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-15 12:36 - 2014-10-16 15:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 12:36 - 2014-10-15 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 12:36 - 2014-10-15 12:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 12:36 - 2014-10-15 12:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 12:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-15 12:36 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-15 12:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 12:09 - 2014-10-15 12:09 - 00000000 ____D () C:\Windows\ERDNT
2014-10-15 12:07 - 2014-10-15 12:08 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-15 12:07 - 2014-10-15 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-15 08:43 - 2014-10-15 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-14 10:25 - 2014-10-14 10:25 - 00000284 _____ () C:\Users\Steve\Desktop\Cannot start mbam or its services - Malware Removal Help - Malwarebytes Forum.URL
2014-10-14 07:51 - 2014-10-16 09:14 - 00000000 ____D () C:\Users\Steve\Desktop\avast
2014-10-12 20:28 - 2014-10-12 20:28 - 00279144 _____ () C:\Windows\Minidump\101214-20763-01.dmp
2014-10-12 13:45 - 2014-10-12 13:45 - 00003178 _____ () C:\Windows\System32\Tasks\{BF46ADF2-ECAF-445F-A1BF-CCFB1C8CDEB2}
2014-10-12 12:27 - 2014-10-16 13:30 - 00000000 ____D () C:\Users\Steve\Desktop\malwarebytes
2014-10-12 10:39 - 2014-10-12 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2014-10-12 10:38 - 2014-10-12 10:38 - 00003302 _____ () C:\Windows\System32\Tasks\{494063BF-B5EF-4162-A21F-DC2D696E64B2}
2014-10-09 15:24 - 2014-10-09 15:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-08 21:45 - 2014-10-08 21:45 - 00021808 _____ () C:\Users\Steve\Desktop\REIGLE,STEPHEN.eml
2014-10-08 12:43 - 2014-10-08 12:43 - 00275576 _____ () C:\Windows\Minidump\100814-18189-01.dmp
2014-10-06 20:08 - 2014-10-12 20:28 - 320593998 _____ () C:\Windows\MEMORY.DMP
2014-10-06 20:08 - 2014-10-12 20:28 - 00000000 ____D () C:\Windows\Minidump
2014-10-06 20:08 - 2014-10-06 20:08 - 00275576 _____ () C:\Windows\Minidump\100614-22932-01.dmp
2014-10-02 22:06 - 2014-10-11 13:31 - 00000000 ____D () C:\Users\Steve\AppData\Local\TVConnect
2014-10-02 22:06 - 2014-10-02 22:06 - 00000000 ____D () C:\Users\Steve\AppData\Local\NDS
2014-10-02 22:06 - 2014-10-02 22:06 - 00000000 ____D () C:\Users\Steve\AppData\Local\cef_data
2014-10-02 22:06 - 2014-10-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cox Communications
2014-10-02 22:06 - 2014-10-02 22:06 - 00000000 ____D () C:\Program Files (x86)\Cox Communications
2014-10-02 09:59 - 2014-10-02 09:59 - 00003616 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3510 series
2014-10-02 09:53 - 2014-10-02 09:53 - 00000000 ____D () C:\Users\Steve\AppData\Local\Hewlett-Packard
2014-10-02 09:52 - 2014-10-02 09:52 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-02 09:50 - 2014-10-02 09:50 - 00000000 ____D () C:\Users\Steve\Downloads\HP 3512 printer software
2014-09-30 20:28 - 2014-09-30 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-09-30 20:27 - 2014-09-30 20:27 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-30 19:38 - 2014-09-30 20:27 - 00000000 ____D () C:\Users\Steve\Documents\AvastPEToolkit
2014-09-29 17:04 - 2014-09-29 19:58 - 00008623 _____ () C:\Users\Steve\Desktop\Landscape request - unit 3, #40, question.eml
2014-09-29 17:04 - 2014-09-29 17:04 - 00002287 _____ () C:\Users\Steve\Desktop\Landscape request - unit 3, #40, question2.eml
2014-09-28 18:11 - 2014-10-16 13:43 - 00004096 ___SH () C:\VSNAP.IDX
2014-09-28 17:06 - 2014-09-28 17:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-28 17:06 - 2014-09-28 17:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\DropboxMaster
2014-09-28 17:05 - 2014-09-28 17:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Dropbox
2014-09-28 16:55 - 2014-09-28 16:55 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\AVAST Software
2014-09-28 16:52 - 2014-10-15 13:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-28 16:52 - 2014-09-28 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-28 16:51 - 2014-09-28 16:52 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-28 16:51 - 2014-09-28 16:51 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-28 16:51 - 2014-09-28 16:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-28 16:51 - 2014-09-28 16:51 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-28 16:48 - 2014-09-28 17:56 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-28 16:44 - 2014-09-28 16:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-27 12:38 - 2014-09-27 12:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 17:16 - 2014-04-11 15:35 - 00000000 ____D () C:\FRST
2014-10-16 17:00 - 2014-08-22 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 17:00 - 2014-08-22 16:55 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 16:34 - 2009-02-08 17:46 - 00000000 ___RD () C:\Budget
2014-10-16 13:52 - 2009-07-13 21:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 13:52 - 2009-07-13 21:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 13:48 - 2011-01-14 17:43 - 01719100 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 13:45 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 13:44 - 2011-01-14 18:45 - 00267214 _____ () C:\Windows\PFRO.log
2014-10-16 13:44 - 2009-07-13 21:51 - 00131250 _____ () C:\Windows\setupact.log
2014-10-15 23:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-15 21:05 - 2012-08-26 09:43 - 00000000 ____D () C:\Users\Steve\Desktop\Temp Hold
2014-10-15 08:46 - 2012-05-23 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 10:39 - 2014-08-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Kensington
2014-10-12 10:39 - 2011-01-14 18:46 - 00071818 _____ () C:\Windows\DPINST.LOG
2014-10-10 11:57 - 2013-04-07 18:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-10 11:51 - 2011-05-12 18:19 - 00001396 _____ () C:\Windows\QUICKEN.INI
2014-10-09 11:54 - 2011-05-13 15:55 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe
2014-10-09 00:00 - 2013-06-25 13:45 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2014-10-08 20:30 - 2014-05-24 09:44 - 00000000 ____D () C:\Users\Steve\Desktop\temp
2014-10-08 20:24 - 2009-07-13 22:13 - 00780436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 11:18 - 2010-09-20 08:58 - 00000000 ____D () C:\Users\Steve\Desktop\Financial to do
2014-10-06 20:08 - 2009-07-13 22:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-06 19:46 - 2014-08-25 14:38 - 00010326 _____ () C:\Users\Steve\activity.txt
2014-10-03 22:32 - 2014-08-21 18:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cox, Inc
2014-10-03 22:02 - 2011-05-20 10:33 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-02 17:59 - 2009-07-13 21:45 - 00343536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-02 09:53 - 2011-05-10 16:50 - 00076704 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 12:40 - 2014-09-12 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-27 11:57 - 2011-05-10 16:50 - 00000000 ____D () C:\Users\Steve

Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk3m2se.dll
C:\Users\Steve\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 00:12

==================== End Of Log ============================

-----Farbar Addition.txt------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Steve at 2014-10-16 17:17:45
Running from C:\Users\Steve\Desktop\malwarebytes\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX50 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX50HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cox TV Connect (HKLM-x32\...\{EA86FAE4-25FE-48B1-89E6-24D51B47C2B1}) (Version: 11.53.00 - Cox Communications)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.3 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.202 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
F4400 (x32 Version: 140.0.696.000 - Hewlett-Packard) Hidden
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.20 Update (HKLM-x32\...\{8BBC40D0-95A4-40F1-817B-F2B30A1ADF02}) (Version: 16.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.40 Update (HKLM-x32\...\{CB9E92AF-55F4-46A7-BC7A-16005E4BF39D}) (Version: 16.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.10 Update (HKLM-x32\...\{A83B8B0E-1DD8-4CB3-BFA2-A5A8670D7F42}) (Version: 17.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.20 Update (HKLM-x32\...\{74619A00-3DE7-4487-A42D-5075DD8BD683}) (Version: 17.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.30 Update (HKLM-x32\...\{6D30B301-7D44-4D64-9369-638E0101F922}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.40 Update (HKLM-x32\...\{82B42DF2-2ECF-4C4B-B939-A275664028E2}) (Version: 17.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM-x32\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{48BCA9A6-1D2A-4E4B-BB55-F82A888CE344}) (Version: 2.7.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{B39177F9-269D-4A9B-82F2-7A48589CCCEF}) (Version: 2.5.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hoyle Puzzle and Board Games (HKLM-x32\...\{C7B5CB95-3535-4322-A0D1-07C18A0FDB6E}) (Version: 1.00.0000 - Encore Software, Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP Photo Creations)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jasc After Shot (HKLM-x32\...\InstallShield_{FDA14220-0C7A-4804-ACC5-E01A2AA791D2}) (Version: 1.0.0.0 - Jasc Software Inc.)
Jasc After Shot (x32 Version: 1.0.0.0 - Jasc Software Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeePass Password Safe 1.19b (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.19b - Dominik Reichl)
Linksys Wireless-G USB Network Adapter (HKLM-x32\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version:  - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaCoder x64 2011 (HKLM\...\MediaCoder x64) (Version: 2011 - Broad Intelligence)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiFi 4620 Mobile Broadband Drivers (HKLM-x32\...\{3A6120C6-AA5F-4851-9447-BF6BDBB786D5}) (Version: 2.08.005.001.17 - Novatel Wireless)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Quicken 2004 (x32 Version: 13.00.0000 - Intuit) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.0 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scrabble Complete (HKLM-x32\...\{B36649A3-D0DD-4706-B042-F5B384529C7A}) (Version: 1.00.000 - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 5.3 (HKLM-x32\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9400 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinZip 11.2 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}) (Version: 11.3.8261 - WinZip Computing, S.L. )
ZTE Handset USB Driver 5.2066.1.8 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2685816709-1183233577-2187356989-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-09-2014 19:07:50 Windows Update
28-09-2014 23:47:33 avast! antivirus system restore point
01-10-2014 07:19:21 Windows Update
02-10-2014 16:51:23 Installed HP Support Solutions Framework
04-10-2014 04:46:02 Installed Cox PC HealthCheck
04-10-2014 05:30:27 Removed Cox PC HealthCheck
09-10-2014 00:28:02 avast! antivirus system restore point
10-10-2014 18:53:14 Removed Google Earth.
11-10-2014 17:51:12 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B44109-BD51-4EA4-88A4-F4D6E737DC22} - System32\Tasks\{D4FEB905-385D-4599-91BA-15D2AFC57312} => C:\Program Files\Windows Calendar\Calender for Win7\Windows Calendar\WinCal.exe
Task: {04E0ADCC-15A0-40E4-8E90-147D8FD2A338} - System32\Tasks\{DCA77212-6D75-4100-B07A-C9F02198CB44} => C:\Program Files (x86)\WinZip\WINZIP32.EXE [2008-09-23] (WinZip Computing, S.L.)
Task: {064FE340-7B52-4096-9E68-B0D3BE742E59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-28] (AVAST Software)
Task: {12187019-9059-4552-857B-54D19CAFD990} - System32\Tasks\{30F2345F-B6B6-4E99-A885-88FD8216C917} => C:\Program Files (x86)\Atari\Scrabble Complete\ScrabbleComplete.exe [2002-09-02] (Infogrames Interactive)
Task: {1AFF3B21-6FF1-432C-98A4-986CC6C15E16} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {3CA94B5F-3436-446B-89A5-A71428931097} - System32\Tasks\{6F3B53EC-52D4-4B76-802B-3224B5761FE9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-06-15] (Skype Technologies S.A.)
Task: {48BE6DF9-AA6B-4F4C-B82C-9E0DF8621650} - System32\Tasks\{EB94E78E-2F4F-412E-BDFB-7FED76A90349} => D:\ARHELPER.EXE
Task: {4D22D7E9-F363-4E7A-9514-51F8969E7C5D} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B42407C-90BB-461C-A2A9-E55EFC29935B} - System32\Tasks\{204D36C0-9C14-4960-B211-A5D4925BD51C} => D:\ARHELPER.EXE
Task: {C61E191C-AA99-47D8-82B7-200CCD6DC1FD} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-05-20] ()
Task: {C6AC6099-01AE-41D5-836A-A2EA939161E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {E68855D6-FAA0-4940-800C-9EB127FA87EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {F89E69F2-BF17-4FB7-88DF-16E5C28F178B} - System32\Tasks\{51081D7F-AC38-443B-ADCF-C184773FD5C2} => C:\Program Files\Windows Calendar\Calender for Win7\Windows Calendar\WinCal.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-06-04 14:40 - 2009-06-04 14:40 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 08089936 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
2014-09-28 16:51 - 2014-09-28 16:51 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-16 13:08 - 2014-10-16 13:08 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101601\algo.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 00332104 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\ndsLogStore.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 03006792 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\DrmSingleton.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 07556936 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\gsttspplugin.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 00688984 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\libgstreamer-0.10.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 01403208 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\libxml2-2.dll
2013-10-02 11:58 - 2013-10-02 11:58 - 00091960 _____ () C:\Users\Steve\AppData\Local\NDS\PCShow\z.dll
2012-05-30 18:06 - 2012-05-30 18:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 18:06 - 2012-05-30 18:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-28 16:51 - 2014-09-28 16:51 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-06-15 21:43 - 2011-06-15 21:43 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\603cfebf58b7ca0b9871be72a7a0b8eb\IsdiInterop.ni.dll
2011-01-14 18:33 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Steve\Desktop\Landscape request - unit 3, #40, question.eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Desktop\Landscape request - unit 3, #40, question2.eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Desktop\New reply to Cannot start mbam or its services.eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Desktop\Welcome to Client Connect!.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Camio Viewer.lnk => C:\Windows\pss\Camio Viewer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk => C:\Windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2685816709-1183233577-2187356989-500 - Administrator - Disabled)
Guest (S-1-5-21-2685816709-1183233577-2187356989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2685816709-1183233577-2187356989-1002 - Limited - Enabled)
Steve (S-1-5-21-2685816709-1183233577-2187356989-1001 - Administrator - Enabled) => C:\Users\Steve

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 05:17:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 02:38:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:47:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:47:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:46:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:46:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:45:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:45:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:41:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 01:41:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/16/2014 01:47:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (10/16/2014 01:44:59 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (10/16/2014 01:26:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 43%
Total physical RAM: 3894.7 MB
Available physical RAM: 2212.63 MB
Total Pagefile: 23892.81 MB
Available Pagefile: 21659.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:146.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Backups) (Fixed) (Total:1862.98 GB) (Free:553.97 GB) NTFS
Drive g: (Data) (Fixed) (Total:465.75 GB) (Free:328.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 489DC50A)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=283.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00064002)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
Next:

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

1. Uninstalled the only (just one) instance of Java shown in Control Panel / Programs and Features. Java 7 Update 67

2. Ran JavaRa - log attached

3. Ran TFC. It did request reboot. Rebooted.

----JavaRA log----
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 19:00:47 2014

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\Classes\JavaPlugin.10512
------------------------------------
Finished reporting.


  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Ran ComboFix. Log attached.

Note: While ComboFix was deleting files I looked away for a minute. When I looked back my laptop was shutting down using the normal Windows shutdown procedure. This is not in the ComboFix guide.

I powered up and Windows restarted normally and the ComboFix window appeared saying it was preparing the report. It appeared to complete normally after that.

*****QUESTION: After this process, Kensington TrackballWorks is not starting. This has adjustments for my trackball. Is there a reason this should not be started? I have not started and will not until I hear from you.*****

---Combofix log---
ComboFix 14-10-15.01 - Steve 10/17/2014  14:40:46.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2323 [GMT -7:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
c:\users\Steve\AppData\Roaming\inst.exe
c:\users\Steve\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-17 to 2014-10-17  )))))))))))))))))))))))))))))))
.
.
2014-10-17 21:54 . 2014-10-17 21:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-16 20:35 . 2014-10-16 20:41    --------    d-----w-    C:\AdwCleaner
2014-10-16 20:07 . 2014-10-16 20:07    --------    d-----w-    c:\windows\ERUNT
2014-10-15 20:32 . 2014-10-15 20:55    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-15 20:32 . 2014-10-15 20:32    --------    d-----w-    c:\programdata\RogueKiller
2014-10-15 19:36 . 2014-10-17 21:59    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-15 19:36 . 2014-10-15 19:36    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-15 19:36 . 2014-10-15 19:36    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-15 19:36 . 2014-10-01 18:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-15 19:36 . 2014-10-01 18:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-15 19:36 . 2014-10-01 18:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-15 19:07 . 2014-10-15 19:08    --------    d-----w-    c:\program files (x86)\ERUNT
2014-10-15 15:43 . 2014-10-15 15:45    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2014-10-09 22:24 . 2014-10-09 22:58    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-04 05:33 . 2014-10-09 17:35    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2625D05B-E394-4B9D-896B-CE374A4C2277}\offreg.dll
2014-10-04 05:23 . 2014-09-15 09:08    11578928    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2625D05B-E394-4B9D-896B-CE374A4C2277}\mpengine.dll
2014-10-03 05:06 . 2014-10-11 20:31    --------    d-----w-    c:\users\Steve\AppData\Local\TVConnect
2014-10-03 05:06 . 2014-10-03 05:06    --------    d-----w-    c:\users\Steve\AppData\Local\NDS
2014-10-03 05:06 . 2014-10-03 05:06    --------    d-----w-    c:\users\Steve\AppData\Local\cef_data
2014-10-03 05:06 . 2014-10-03 05:06    --------    d-----w-    c:\program files (x86)\Cox Communications
2014-10-02 16:53 . 2014-10-02 16:53    --------    d-----w-    c:\users\Steve\AppData\Local\Hewlett-Packard
2014-10-02 16:52 . 2014-10-02 16:52    --------    d-----w-    c:\program files (x86)\Hewlett-Packard
2014-10-01 03:27 . 2014-10-01 03:27    --------    d-----w-    c:\program files (x86)\Windows Kits
2014-09-29 00:05 . 2014-09-29 00:06    --------    d-----w-    c:\users\Steve\AppData\Roaming\Dropbox
2014-09-28 23:55 . 2014-09-28 23:55    --------    d-----w-    c:\users\Steve\AppData\Roaming\AVAST Software
2014-09-28 23:51 . 2014-09-28 23:52    427360    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-09-28 23:51 . 2014-09-28 23:51    92008    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-09-28 23:51 . 2014-09-28 23:51    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-09-28 23:51 . 2014-09-28 23:51    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-09-28 23:51 . 2014-09-28 23:51    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-09-28 23:51 . 2014-09-28 23:51    224896    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-09-28 23:51 . 2014-09-28 23:51    1041168    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-09-28 23:51 . 2014-09-28 23:51    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-09-28 23:51 . 2014-09-28 23:51    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-09-28 23:51 . 2014-09-28 23:51    43152    ----a-w-    c:\windows\avastSS.scr
2014-09-28 23:48 . 2014-09-29 00:56    --------    d-----w-    c:\program files\AVAST Software
2014-09-28 23:44 . 2014-09-28 23:48    --------    d-----w-    c:\programdata\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 16:06 . 2011-05-20 17:43    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-15 03:47 . 2012-03-30 01:57    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 03:47 . 2011-05-18 05:21    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 04:01 . 2012-07-17 22:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-01 06:41 . 2011-05-18 04:18    99218768    ----a-w-    c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-07 20:48    223432    ----a-w-    c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-07 20:48    223432    ----a-w-    c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-07 20:48    223432    ----a-w-    c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"PCShowServer"="c:\users\Steve\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe" [2013-10-02 1625440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-28 4085896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoExpandedNewMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R3 NwGPSOverWiFi64;Novatel GPSOverWiFi Virtual Serial Port;c:\windows\system32\DRIVERS\nwvcomnet64.sys;c:\windows\SYSNATIVE\DRIVERS\nwvcomnet64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VZWConfigService;VZW Config Service;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe;c:\program files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nwusbserial;Novatel Wireless VCOM Port;c:\windows\system32\DRIVERS\nwvcomnet64.sys;c:\windows\SYSNATIVE\DRIVERS\nwvcomnet64.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
S3 tbwkern;Kensington TrackballWorks driver;c:\windows\system32\DRIVERS\tbwkern.sys;c:\windows\SYSNATIVE\DRIVERS\tbwkern.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-27 19:01    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22 23:55]
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22 23:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-07 20:48    262344    ----a-w-    c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-07 20:48    262344    ----a-w-    c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-07 20:48    262344    ----a-w-    c:\users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-28 23:51    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 5470208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2p7e7n2m.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-05-20 13:27; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Kensington TrackballWorks - c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
Wow6432Node-HKLM-Run-Kensington TrackballWorks Helper - c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\users\Steve\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2014-10-17  15:08:42 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-17 22:08
.
Pre-Run: 156,369,469,440 bytes free
Post-Run: 156,184,907,776 bytes free
.
- - End Of File - - 51FE617960495D1670DF8D847AECCB95


Thanks. If needed I can reinstall trackballworks.

 

2014-10-17 22:05:11 . 2014-10-17 22:05:11              197 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Kensington TrackballWorks Helper.reg.dat
2014-10-17 22:05:07 . 2014-10-17 22:05:07              181 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Kensington TrackballWorks.reg.dat
2014-10-17 21:49:32 . 2014-10-17 21:49:32           26,030 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-10-17 21:37:53 . 2014-10-17 21:37:53               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-09-12 20:46:52 . 2007-11-05 12:23:18          240,248 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
2012-09-12 20:46:52 . 2007-11-05 12:22:30           68,224 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\WanPacket.dll.vir
2012-09-12 20:46:52 . 2007-11-05 12:19:28           53,299 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir
2012-08-28 22:56:17 . 2012-08-29 01:58:13           99,384 ----a-w-  C:\Qoobox\Quarantine\C\Users\Steve\AppData\Roaming\inst.exe.vir
2012-02-20 21:57:34 . 2012-02-20 21:57:34          504,320 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe.vir
2009-03-17 20:09:43 . 2011-09-05 00:56:20          103,784 ----a-w-  C:\Qoobox\Quarantine\C\Users\Steve\GoToAssistDownloadHelper.exe.vir
2007-11-07 15:44:20 . 2007-11-07 15:44:20          855,040 ----a-w-  C:\Qoobox\Quarantine\C\install.exe.vir
2007-11-05 12:23:04 . 2007-11-05 12:23:04           88,704 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir
 


I wanted to post something but don't want it to get lost about Kensington Trackballworks so am just mentioning it for that reason (see a couple of posts above). I know it's the weekend and do not expect a reply on the weekend.

 

Here's a question: MBAM is scheduled for a nightly threat scan. Same scan every night of the week. Last night, Saturday, it located ComboFix as a trojan. It had me reboot so it could remove it. I assume this was a false positive but how come MBAM did not find it before last night? It was installed on Thursday, I think it was. At least a couple of days. Just wondering. Thanks.

 

Let me know what to do about Trackballworks when you get a chance. I can reinstall it if you think that's the best method.


Sorry to keep posting more things but I think this is important. In the later stages of the scans you had me do my system and internet connection improved to where it was really good, far better than it had been in a long time. The slow and jerky internet was gone. It was really good for a couple of days but beginning late Saturday afternoon it slowed down and became jerky again. Not quite as bad as it was before the scans but getting close.

 

I did a speed test several times at the cox site, which checks speed between my system and their servers. During the good time it was fast and smooth. Now it's up and down on speed and very jerky - starts and stops.

 

Could whatever the scans got rid of maybe have come back somehow? I have not knowingly installed anything other than the scans you had me do. I've intentionally avoided adding any new variables. Is there a way to find out what is going on?

 

Thanks again.


  • Root Admin

Please rename the extension for these 2 files from .DAT to .REG - then double click to run them and import the change back into the registry.

C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Kensington TrackballWorks Helper.reg.dat

C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Kensington TrackballWorks.reg.dat

Rename this one from .vir to .exe and then copy the file to this folder: C:\Program Files (x86)\Kensington\TrackballWorks\

C:\Qoobox\Quarantine\C\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe.vir

I can have Combofix do it for you if needed but should be pretty easy to do.

As for speed well the Internet is not a controlled connection. Speeds often fluctuate greatly from one point in time to another.

After you run the above please reboot the computer and the mouse issue should be resolved, next run the following.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
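
As an added illustration (not part of the original posts and not ComboFix's own code), the sketch below parses lines in the format of the `C:\Qoobox\Quarantine` listing posted earlier and works out, for each entry, the path the restore steps above would produce: `.reg.dat` backups become `.reg` files to import, and `.vir` files map back to their original location. The function names `plan_restore` and `parse_listing` are hypothetical; the script only computes paths and touches no files.

```python
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")

# Four lines taken from the quarantine listing posted earlier in the thread.
SAMPLE_LISTING = r"""
2014-10-17 22:05:11 . 2014-10-17 22:05:11              197 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Kensington TrackballWorks Helper.reg.dat
2014-10-17 21:37:53 . 2014-10-17 21:37:53               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-02-20 21:57:34 . 2012-02-20 21:57:34          504,320 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe.vir
2007-11-07 15:44:20 . 2007-11-07 15:44:20          855,040 ----a-w-  C:\Qoobox\Quarantine\C\install.exe.vir
"""

# Two timestamps separated by " . ", a size with thousands separators,
# an 8-character attribute field, then a path that may contain spaces.
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)


def plan_restore(path_str):
    """Return (kind, destination) for one quarantined path.

    kind is "registry" (rename .reg.dat to .reg, then import), "file"
    (rename .vir away and copy back to the original folder) or "other"
    (logs and anything that does not follow either naming pattern).
    """
    path = PureWindowsPath(path_str)
    try:
        rel = path.relative_to(QUARANTINE_ROOT)
    except ValueError:
        return ("other", None)  # not inside the quarantine folder
    parts = rel.parts
    if not parts:
        return ("other", None)
    name = path.name
    if parts[0].lower() == "registry_backups" and name.lower().endswith(".reg.dat"):
        # Drop the trailing ".dat" so the file can be imported as a .reg file.
        return ("registry", str(path.with_name(name[: -len(".dat")])))
    is_drive = len(parts[0]) == 1 and parts[0].isalpha()
    if is_drive and len(parts) >= 2 and name.lower().endswith(".vir"):
        # Quarantine\C\<rest>.vir mirrors the original location C:\<rest>.
        original = PureWindowsPath(parts[0] + ":\\", *parts[1:])
        return ("file", str(original.with_name(name[: -len(".vir")])))
    return ("other", None)


def parse_listing(text):
    """Parse listing lines into dicts with size, path, kind and destination."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # blank lines or anything that is not a listing row
        kind, destination = plan_restore(match["path"])
        entries.append({
            "size": int(match["size"].replace(",", "")),
            "path": match["path"],
            "kind": kind,
            "destination": destination,
        })
    return entries


if __name__ == "__main__":
    for entry in parse_listing(SAMPLE_LISTING):
        print(entry["kind"], "|", entry["path"], "->", entry["destination"])
```
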

I think the slow and jerky internet problem is something to do with my computer, possibly malware, and not the internet itself, for these reasons:
1. My wife's laptop (identical to mine) is connected to the same router and is smooth and fast.
2. My tablet is smooth and fast.
3. Mine was smooth and fast after running all those scans last week and that lasted for 2 or 3 days before the slow/jerky connection returned. It has now been slow and jerky for close to two days straight.
4. When I do the internet speed test on the Cox website it is testing only the connection from my laptop to my ISP's (Cox) servers. That test graphically shows the stops and starts and the variation in speed. It's pretty obvious.

Is there something I can run to see if the bad guys are back?

 


Did all the trackballworks things. Rebooted. Trackballworks is working normally. Thanks!

Ran Security Check. Ran for about 3+ hours. Log below.

 Results of screen317's Security Check version 0.99.89  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Norton Ghost    
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Mozilla Thunderbird (31.2.0)
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


  • Root Admin

It should not have run that long. One problem you have is No Service Pack, but that alone is not a reason for slow down but is not good for security of the computer.

Please run the following

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


I did not disable MBAM nor Avast prior to running Security Check. Might that have contributed to the long run time? Do I need to disable them and run it again?

Ran TDSSKiller. No threats found. Was told this post is too long so have attached both logs instead.

 

Thanks once again.



 

TDSSKiller.3.0.0.40_21.10.2014_14.24.10_log.txt

TDSSKiller.3.0.0.40_21.10.2014_14.28.42_log.txt


After running all those scans last week the computer was working better than it's worked in a long time, including internet. Then during the weekend the slow jerky internet returned and the computer response in general became slow. In other words, I'd type something but what I typed did not display for a few seconds and then did so in a jerky manner. I'd double click to open a folder and it might take several seconds for it to open. Videos were pretty much unwatchable. Jerky. Facebook casino games were just too slow to be played. Etc.

 

Then after running TDSSKiller the computer became much better again. At this point it's pretty decent. Since TDSSKiller says it found nothing I don't understand how that affected the performance.

 

MBAM is now fine. I've not yet tried mbam in safe mode or boot time. But it's working great in regular windows.

 

Given that after I restored (full backup restore of C drive) the computer to an earlier date from a backup it worked well for about a week and then went bad again (did that twice) and given that after running the scans last week it was great for a couple of days before going bad again, then I'd like to give this a few days to see if the computer is going to continue to do well for more than a few days.

 

Does that work for you to keep this open for a few days? I'll calendar myself to respond here next Monday if all is still well. Sooner, if not well.

 

Also, we have to go out today so I'm going to schedule an Avast boot time scan to run while we're gone. I think if it finds nothing then I'll go to safe mode and run mbam and avast to make sure all is well. Does that sound reasonable to you?

 

Thanks very much for all your help. And your patience. At the moment my laptop is running as well as my wife's. Hopefully it will stay that way.

 

Steve


Update. What do you make of this?

 

1. Just rebooted and then had TWO MBAM tray icons. Task Manager showed two mbam processes running. I killed the first in Task Manager and now have just one running and one tray icon.

 

But before this I was almost back to square one.

1. Got home and found Avast Boot Time scan found no threats and had booted to Windows.

2. System was slow, as described in another post, and internet was slow and jerky.

3. Booted into basic Safe Mode (no networking).

4. Started mbam threat scan. Ran a few minutes and then the laptop powered off.

5. Started safe mode again. Got to the desktop and then powered off.

6. Started regular windows. After showing the desktop and while loading startups it powered off.

7. 2nd try. Same thing.

8. 3rd try. Started ok but had two mbam tray icons and two mbam.exe processes in task manager. Killed one and that's where we're at now. Internet seems to be decent but not great.

 

This is almost identical to the original situation except mbam did start. It may not start on next reboot. We'll see next time I reboot.

 

Any ideas?

 

Thanks.


  • Root Admin

It sounds like you have an older version of the program as that was already fixed. Please do the following clean removal and reinstall of the program.

Thank You