
Need help removing Poweliks Trojan


TerryH


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/23/2014
Scan Time: 3:15:44 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.23.08
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Terry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380472
Time Elapsed: 12 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


We need to give ComboFix another try.

Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:

    DDS::
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = localhost:8080
    ClearJavaCache::
    Domains::
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.
Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon:

  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!


ComboFix 14-10-24.01 - Terry 10/23/2014  23:46:39.4.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.12278.9190 [GMT -7:00]
Running from: c:\users\Terry\Desktop\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\CFScript.txt
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-24 to 2014-10-24  )))))))))))))))))))))))))))))))
.
.
2014-10-24 06:58 . 2014-10-24 06:58    --------    d-----w-    c:\users\Terry\AppData\Local\temp
2014-10-24 06:58 . 2014-10-24 06:58    --------    d-----w-    c:\users\Mcx1\AppData\Local\temp
2014-10-24 06:58 . 2014-10-24 06:58    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-23 19:12 . 2014-10-23 19:12    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-22 23:28 . 2014-10-24 06:07    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-22 23:28 . 2014-10-22 23:28    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-22 23:28 . 2014-10-22 23:28    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-22 23:28 . 2014-10-01 18:11    64216    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-22 23:28 . 2014-10-01 18:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-22 23:28 . 2014-10-01 18:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-22 23:17 . 2014-10-23 23:12    --------    d-----w-    c:\users\Terry\AppData\Local\CrashDumps
2014-10-22 21:18 . 2014-10-22 21:18    --------    d-----w-    c:\program files (x86)\ESET
2014-10-19 21:49 . 2014-10-21 15:52    --------    d-----w-    C:\FRST
2014-10-19 20:38 . 2014-10-19 20:59    --------    d-----w-    C:\AdwCleaner
2014-10-19 18:12 . 2014-10-19 18:25    --------    d-----w-    C:\NPE
2014-10-19 18:09 . 2014-10-19 18:50    --------    d-----w-    c:\users\Terry\AppData\Local\NPE
2014-10-19 18:09 . 2014-10-19 18:09    --------    d-----w-    c:\programdata\Norton
2014-10-19 09:03 . 2014-10-20 07:04    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-10-16 10:18 . 2014-09-17 06:57    76800    ----a-w-    c:\windows\system32\packager.dll
2014-10-16 10:18 . 2014-09-16 16:56    66560    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-16 10:18 . 2014-09-27 23:41    2782208    ----a-w-    c:\windows\system32\win32k.sys
2014-10-16 10:14 . 2014-06-15 22:18    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2014-10-16 10:14 . 2014-06-15 22:18    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2014-10-16 10:14 . 2014-06-13 18:22    81560    ----a-w-    c:\windows\SysWow64\mscories.dll
2014-10-16 10:14 . 2014-06-13 18:22    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll
2014-10-16 10:14 . 2014-06-13 17:36    73880    ----a-w-    c:\windows\system32\mscories.dll
2014-10-16 10:14 . 2014-06-13 17:36    156312    ----a-w-    c:\windows\system32\mscorier.dll
2014-10-16 10:13 . 2014-09-04 23:38    198656    ----a-w-    c:\windows\system32\drivers\fastfat.sys
2014-09-24 07:18 . 2014-09-09 06:40    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 07:18 . 2014-09-09 06:24    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 10:00 . 2006-11-02 12:35    103265616    ----a-w-    c:\windows\system32\mrt.exe
2014-09-24 17:15 . 2012-04-05 16:05    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 17:15 . 2011-05-20 05:10    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-23 01:05 . 2014-08-28 10:00    304128    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-28 10:00    390144    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-10 17:37 . 2014-08-10 17:38    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-06 17:50 . 2014-08-06 17:50    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-01 16:44    233128    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-01 16:44    233128    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-01 16:44    233128    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Amazon Music"="c:\users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"UVS11 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-06-11 3695416]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-3 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~2\AmazonExtIE.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{981b174d-7733-4e7f-b89d-6545a7c21838}]
2014-05-23 21:45    189952    ----a-w-    c:\program files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:15]
.
2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-16 07:46]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-16 07:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-01 16:44    260776    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-01 16:44    260776    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-01 16:44    260776    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-24 6975520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~2\AmazonExtIE64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/?m=1
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - ExtSQL: !HIDDEN! 2009-06-25 03:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AfterShot Pro - f:\corel\Corel AfterShot Pro\uninstall.exe
AddRemove-Astronomy 2005 Screensaver - c:\program files (x86)\Edible Entertainment
AddRemove-Picasa 3 - f:\google\Picasa3\Uninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - f:\spybot - search & destroy\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-10-23  23:59:56
ComboFix-quarantined-files.txt  2014-10-24 06:59
ComboFix2.txt  2014-10-23 16:08
ComboFix3.txt  2014-10-20 08:23
.
Pre-Run: 406,717,083,648 bytes free
Post-Run: 406,695,514,112 bytes free
.
- - End Of File - - E0E1CE6EB6D0C94E751DBB504FCCE3DD
5C616939100B85E558DA92B899A0FC36
 


Nice. How is it?



Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

Updating Adobe manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Updating Mozilla Firefox manually

  • Please open Firefox.
  • Click the Firefox menu icon.
  • Click Help and select About Firefox.
  • Firefox will search for any updates and start downloading them automatically.
  • When the updates are ready you will be prompted to restart Firefox. Please do it.

Remember to keep those always updated.



Uninstall ComboFix

Please do not leave ComboFix installed on your machine. This is not a regular scanner and should be used only when told to do so by a malware expert.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner.
  • Please type in (or paste) the following:
    ComboFix /uninstall
    and press Enter.

You will see a brief uninstallation window and a prompt confirming its removal.



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


# DelFix v10.8 - Logfile created 24/10/2014 at 00:46:37
# Updated 29/07/2014 by Xplode
# Username : Terry - TERRY-PC
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.40_20.10.2014_11.30.59_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_20.10.2014_11.36.49_log.txt
Deleted : C:\Users\Terry\Desktop\FRST64.exe
Deleted : C:\Users\Terry\Desktop\FSS.exe
Deleted : C:\Users\Terry\Desktop\SecurityCheck.exe
Deleted : C:\Users\Terry\Desktop\tdsskiller.exe
Deleted : C:\Users\Terry\Downloads\adwcleaner_4.000.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


Subject to no further problems, I think that you are ready to go :)

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

MUST READ - security tips: Computer Security - a short guide to staying safer online.

MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.

All donations are to refund a new HDD to replace the old one, which recently passed away!

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.

Stay safe,

Naat :)


I just rebooted as prescribed. The only hiccup I noticed this afternoon is IE 9 will not provide any saved history/URLs on the address drop down bar. Believe me when I say I've tried everything in the options/content menu. I can reinstall 9 as I think that is as far as Vista will recognize. I use Firefox 75% of the time anyway. BTW, Firefox and Adobe were both up to date when I tried to update them. Is Java safe to use or are there still exploits that use Java to infiltrate?

 

GMER.EXE was left on my desktop. It was only 371K, so I simply deleted it. 

 

I want to say thanks! I'm usually the one friends and neighbors go to for computer help including getting rid of baddies! It's nice to know someone has my back also. I will gladly toss a few bucks toward your new HDD. :)


Due to its popularity Java is and always will be exploited. 
 
This set of instructions may help you with Internet Explorer.


Repair Internet Explorer with Tweaking.com

Please download Tweaking.com - Repair Internet Explorer and save the file to your desktop.

  • Double-click the Tweaking.com-RepairInternetExplorerArch. icon to unzip the tool - it should run automatically after that.
  • Accept any prompts you will be presented (like UAC) to allow the tool to run.
  • Close all other apps to make sure they won't interfere with the repairs.
  • When the main console appears, please press the big Start button.
  • This repair can take some time. Be patient and let it run unhindered.
  • When finished (a note about it should appear in the box on the left), you may close the app.
  • Navigate to the Tweaking.com - Repair Internet Explorer directory on your desktop and access the Logs folder.

Search for the current date logfile in that folder. Please include it in your reply.

Link to post
Share on other sites

OS: Windows Vista Home Premium
OS Architecture: 64-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: TERRY-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Terry
Current Profile SID: S-1-5-21-227674338-2978312964-2044416110-1000
Current Profile Classes: S-1-5-21-227674338-2978312964-2044416110-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Terry\AppData\Local
--------------------------------------------------------------------------------

Repair Internet Explorer
   Start (10/24/2014 1:46:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/24/2014 1:48:05 AM)

   Total Repair Time: 00:02:18
 

Link to post
Share on other sites

Rebooted... no change. :(

Hey, I'm happy. Let's call it a done deal. I'm likely going to win7 or win10 soon anyway. Vista is an old tired barge now and so is IE9.

I'm heading for bed!

Thanks so much for all your help! You can officially close this thread.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Hello Naat! I'm back!

 

Protect file shows an outgoing to a couple URLs. Pretty sure this was leftover as I haven't used this machine much at all since we worked on it last.

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.26.8, 2014.10.27.1,
Protection, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 12:08:56 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 12:08:56 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 12:08:57 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 12:08:58 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.45.67.219, 63606, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 10/27/2014 12:09:04 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 63607, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 10/27/2014 2:24:58 AM, SYSTEM, TERRY-PC, Manual, Start:10/27/2014 2:16:05 AM, Duration:8 min 52 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 10/27/2014 2:25:17 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 49195, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.1, 2014.10.27.2,
Protection, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 4:23:54 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 4:23:54 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 4:23:54 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 4:25:36 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 50570, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 7:13:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.2, 2014.10.27.3,
Protection, 10/27/2014 7:13:50 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 7:13:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 7:13:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 7:13:54 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 7:13:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 7:13:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 7:14:06 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 52542, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.3, 2014.10.27.4,
Protection, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 10:08:56 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 10:08:56 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 10:08:56 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 10:09:54 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 56333, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.4, 2014.10.27.5,
Protection, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 10:38:55 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 10:38:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 10:38:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 10:39:29 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 54115, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 10/27/2014 11:42:33 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.104.111.43, miljamarketing.com, 0, Outbound,

(end)

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Terry (administrator) on TERRY-PC on 27-10-2014 12:23:59
Running from C:\Users\Terry\Desktop
Loaded Profile: Terry (Available profiles: Terry & Mcx1)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [OpwareSE2] => C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM-x32\...\Run: [uVS11 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341232 2007-07-23] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695416 2009-06-11] (brother)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [iSUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [Amazon Music] => C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~2\AmazonExtIE64.dll => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~2\AmazonExtIE.dll => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?m=1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {A3BC75A2-1F87-4686-AA43-5347D756017C} ->  No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\Terry\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\Terry\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Terry\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Invenda Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Terry\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-15]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Terry\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Terry\AppData\Roaming\Move Networks [2010-03-08]
FF Extension: No Name - moveplayer@movenetworks.com [Not Found]
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S2 gupdate1c9ee9e3e003430; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 License Management Service ESD; C:\Program Files (x86)\Common Files\element5 Shared\Service\Licence Manager ESD.exe [69120 2010-01-08] (element5) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 SBSDWSCService; F:\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 MSI_DVD_010507; C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 MSI_VGASYS_010507; C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys [14960 2010-05-10] () [File not signed]
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-02-24] (MediaMall Technologies, Inc.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2009-07-23] () [File not signed]
S3 UDXTTM6000; C:\Windows\System32\Drivers\UDXTTM6000.sys [366336 2008-03-02] ()
S3 UDXTTM6000HID; C:\Windows\System32\drivers\UDXTTM6000HID.sys [17920 2006-06-28] (DTV-DVB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:23 - 2014-10-27 12:24 - 00021609 _____ () C:\Users\Terry\Desktop\FRST.txt
2014-10-27 12:23 - 2014-10-27 12:23 - 02113024 _____ (Farbar) C:\Users\Terry\Desktop\FRST64.exe
2014-10-27 11:48 - 2014-10-27 11:48 - 00005092 _____ () C:\Users\Terry\Desktop\mbam protection file.txt
2014-10-25 19:55 - 2014-10-25 19:55 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-25 19:51 - 2014-10-25 19:51 - 00070656 _____ () C:\Windows\system32\yxqjk.dll
2014-10-25 19:51 - 2014-10-25 19:51 - 00003856 _____ () C:\Windows\System32\Tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A}
2014-10-25 19:51 - 2014-10-25 19:51 - 00000000 _____ () C:\Windows\system32\jqtqvi.dll
2014-10-24 15:46 - 2014-10-24 15:46 - 00001758 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-24 15:46 - 2014-10-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-24 15:46 - 2014-10-24 15:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-24 11:15 - 2014-10-24 11:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-24 11:15 - 2014-10-24 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-24 11:15 - 2014-10-24 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-24 11:15 - 2014-10-24 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-24 11:15 - 2014-10-24 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-24 00:46 - 2014-10-24 00:47 - 00000990 _____ () C:\DelFix.txt
2014-10-24 00:43 - 2014-10-24 00:43 - 00000000 ___SD () C:\ComboFix
2014-10-23 16:18 - 2014-10-23 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 12:12 - 2014-10-23 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-22 16:28 - 2014-10-27 10:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 16:28 - 2014-10-22 16:28 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 16:28 - 2014-10-22 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 16:28 - 2014-10-22 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 16:28 - 2014-10-22 16:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 16:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 16:28 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 16:28 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 16:17 - 2014-10-26 06:20 - 00000000 ____D () C:\Users\Terry\AppData\Local\CrashDumps
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-21 11:49 - 2014-10-21 11:49 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2014-10-21 11:49 - 2014-10-21 11:49 - 00001004 _____ () C:\Users\Terry\Desktop\Adobe Photoshop 7.0.lnk
2014-10-20 00:27 - 2014-10-20 01:22 - 00000000 ____D () C:\Windows\erdnt
2014-10-19 14:49 - 2014-10-27 12:24 - 00000000 ____D () C:\FRST
2014-10-19 13:38 - 2014-10-19 13:59 - 00000000 ____D () C:\AdwCleaner
2014-10-19 11:12 - 2014-10-19 11:25 - 00000000 ____D () C:\NPE
2014-10-19 11:09 - 2014-10-19 11:50 - 00000000 ____D () C:\Users\Terry\AppData\Local\NPE
2014-10-19 11:09 - 2014-10-19 11:09 - 00000000 ____D () C:\ProgramData\Norton
2014-10-19 10:33 - 2014-10-19 10:33 - 00000732 _____ () C:\Users\Terry\AppData\Local\d3d9caps64.dat
2014-10-19 02:19 - 2014-10-19 02:19 - 00000000 ____D () C:\Users\Terry\Documents\ProcAlyzer Dumps
2014-10-19 02:03 - 2014-10-20 00:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-19 01:50 - 2014-10-19 01:50 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-16 03:18 - 2014-09-27 16:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:18 - 2014-09-16 23:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:18 - 2014-09-16 09:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:14 - 2014-06-15 15:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:14 - 2014-06-15 15:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:14 - 2014-06-13 11:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:14 - 2014-06-13 11:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:14 - 2014-06-13 10:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:14 - 2014-06-13 10:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:13 - 2014-09-04 16:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 22:55 - 2014-09-19 17:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 22:55 - 2014-09-19 16:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 22:55 - 2014-09-19 16:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 22:55 - 2014-09-19 16:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 22:55 - 2014-09-19 16:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 22:55 - 2014-09-19 16:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 22:55 - 2014-09-19 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 22:55 - 2014-09-19 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 22:55 - 2014-09-19 16:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 22:55 - 2014-09-19 16:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 22:55 - 2014-09-19 16:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 22:55 - 2014-09-19 16:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 22:55 - 2014-09-19 15:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 22:55 - 2014-09-19 15:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 22:55 - 2014-09-19 15:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 22:55 - 2014-09-19 15:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 22:55 - 2014-09-19 15:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 22:55 - 2014-09-19 15:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 22:55 - 2014-09-19 15:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 22:55 - 2014-09-19 15:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 22:55 - 2014-09-19 15:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 22:55 - 2014-09-19 15:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 22:55 - 2014-09-19 15:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 22:55 - 2014-09-19 15:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:20 - 2009-05-21 13:51 - 01837267 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 12:16 - 2011-10-29 12:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-27 12:15 - 2012-04-05 09:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 11:51 - 2009-06-30 01:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 10:41 - 2006-11-02 08:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 10:41 - 2006-11-02 08:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 09:53 - 2009-06-22 23:21 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Skype
2014-10-27 09:16 - 2014-04-15 09:56 - 00002413 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-27 00:51 - 2009-06-30 01:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 17:54 - 2014-08-23 00:13 - 00000000 ____D () C:\Users\Terry\AppData\Local\Adobe
2014-10-25 15:58 - 2014-09-01 23:43 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\KeePass
2014-10-24 17:23 - 2009-07-16 21:17 - 00000000 ____D () C:\Windows\Minidump
2014-10-24 17:22 - 2011-01-08 00:00 - 00000858 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 17:22 - 2010-04-08 17:28 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-10-24 15:46 - 2009-06-03 12:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-24 11:14 - 2009-05-21 19:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-24 08:44 - 2014-09-01 22:02 - 00000000 ___RD () C:\Users\Terry\Dropbox
2014-10-24 08:44 - 2014-09-01 22:00 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Dropbox
2014-10-24 08:41 - 2009-12-16 17:30 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-24 08:41 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 01:54 - 2006-11-02 08:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 01:48 - 2006-11-02 05:34 - 00000180 _____ () C:\Windows\win.ini
2014-10-24 00:52 - 2012-05-11 08:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 23:58 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 12:12 - 2009-06-22 23:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-23 12:12 - 2009-06-22 23:21 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 14:01 - 2009-09-16 16:21 - 00000000 ____D () C:\TEMP
2014-10-22 14:00 - 2009-06-23 11:23 - 00002275 _____ () C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
2014-10-22 14:00 - 2009-06-23 11:17 - 00000000 ____D () C:\Users\Terry\Documents\My PSP Files
2014-10-22 13:36 - 2006-11-02 08:21 - 00404736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 16:11 - 2009-06-04 12:23 - 00001688 _____ () C:\Users\Public\Desktop\Hoyle Card Games 2003.lnk
2014-10-21 00:46 - 2009-06-30 01:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 00:46 - 2009-06-30 01:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 15:48 - 2010-02-09 16:48 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-10-20 15:04 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 01:23 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2014-10-20 01:20 - 2009-06-02 17:22 - 00000000 ____D () C:\Users\Terry
2014-10-20 00:01 - 2009-12-11 10:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-16 03:13 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2006-11-02 05:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-04 09:58 - 2014-06-12 00:00 - 00001582 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2014-10-04 09:58 - 2014-06-12 00:00 - 00000927 _____ () C:\Users\Terry\Desktop\Amazon Music.lnk
2014-10-02 15:53 - 2009-10-02 14:07 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Terry\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhbw5i.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 09:24

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Terry at 2014-10-27 12:24:41
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

001 Joiner and Splitter Pro (HKLM-x32\...\001 Joiner and Splitter Pro2.0) (Version: 2.0 - Welltek Software)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 4.5 (HKLM-x32\...\{C0BBE46D-5318-485A-8564-D8FA5576ECD4}) (Version:  - ArcSoft)
ArcSoft PhotoBase 4.5 (Shared Components) (HKLM-x32\...\Uninstaller_B27C5000_ArcSoft PhotoBase 4.5) (Version: 2.60.30 - element5)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}) (Version:  - ArcSoft)
Astronomy 2005 Screensaver (HKLM-x32\...\Astronomy 2005 Screensaver) (Version:  - )
ATI AVIVO64 Codecs (Version: 10.10.0.40914 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2170W (HKLM-x32\...\{689BA753-2D23-470F-8014-B1EC8D61EE95}) (Version: 1.00 - Brother)
CameraHelperMsi (x32 Version: 13.25.1010.0 - Logitech) Hidden
Canon ScanGear Starter (HKLM-x32\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CarbonPoker (HKCU\...\CarbonPoker) (Version: 5.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel AfterShot Pro (HKLM-x32\...\AfterShot Pro) (Version: 1.2.0.7 - Corel Corporation)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DigitalTV (HKLM-x32\...\{C19DBE5E-712E-4F02-8380-ECEDD951B374}) (Version: 2.64 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
H&R Block California 2010 (HKLM-x32\...\{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}) (Version: 1.10.4801 - HRB Technology, LLC.)
H&R Block California 2011 (HKLM-x32\...\{10894714-E82E-4371-9CF7-F58E352C76EA}) (Version: 1.11.5001 - HRB Technology, LLC.)
H&R Block California 2012 (HKLM-x32\...\{E040F1EC-82A9-4950-AAFE-55762AB59590}) (Version: 1.12.7501 - HRB Technology, LLC.)
H&R Block California 2013 (HKLM-x32\...\{FA9B4B45-B7F0-47A4-894B-19BBF8829FE2}) (Version: 1.13.6701 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2010 (HKLM-x32\...\{10964A8F-21C1-45EA-BC2D-F84B505C3848}) (Version: 10.04.6402 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.6901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7801 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
Hoyle Card Games 2003 (HKLM-x32\...\InstallShield_{9ABA26E1-843A-4A72-95AF-C72474E191F6}) (Version: 1.0.0.0 - Sierra)
Hoyle Card Games 2003 (x32 Version: 1.0.0.0 - Sierra) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Network Connections 13.1.33.0 (HKLM\...\PROSetDX) (Version: 13.1.33.0 - Intel)
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0 - Intel) Hidden
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.109 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0-B6.109 - InterVideo Inc.) Hidden
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.01.0000 - Jasc Software Inc)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Manual CanoScan LiDE 500F (HKLM-x32\...\{B9C54C44-BB5A-4B03-8907-C01A9790195A}) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version:  - )
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.15 - Nikon)
QuickBooks Pro (HKLM-x32\...\QuickBooks Pro) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5783 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SD Viewer for DSC (HKLM-x32\...\{5A8D3524-79DB-11D5-99D1-00010256D40E}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.4 (HKLM\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.2 - Nikon)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks Pro\qbw32.exe (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-10-2014 07:42:00 Scheduled Checkpoint
03-10-2014 06:52:06 Scheduled Checkpoint
04-10-2014 07:31:36 Scheduled Checkpoint
05-10-2014 07:00:00 Scheduled Checkpoint
06-10-2014 07:17:43 Scheduled Checkpoint
09-10-2014 19:11:35 Scheduled Checkpoint
10-10-2014 07:54:05 Scheduled Checkpoint
11-10-2014 08:20:32 Scheduled Checkpoint
12-10-2014 07:32:45 Scheduled Checkpoint
13-10-2014 03:49:42 Scheduled Checkpoint
14-10-2014 07:00:01 Scheduled Checkpoint
15-10-2014 07:54:27 Scheduled Checkpoint
16-10-2014 07:00:02 Scheduled Checkpoint
16-10-2014 10:00:16 Windows Update
17-10-2014 07:55:10 Scheduled Checkpoint
17-10-2014 21:13:30 Scheduled Checkpoint
19-10-2014 18:39:30 Norton_Power_Eraser_20141019113930010
21-10-2014 03:49:19 Scheduled Checkpoint
21-10-2014 22:20:51 Scheduled Checkpoint
23-10-2014 02:08:51 Scheduled Checkpoint
23-10-2014 17:59:24 Scheduled Checkpoint
24-10-2014 08:26:19 Windows Update
24-10-2014 18:13:35 Installed Java 7 Update 71
25-10-2014 07:00:01 Scheduled Checkpoint
26-10-2014 07:00:02 Scheduled Checkpoint
27-10-2014 07:55:17 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2014-10-20 01:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {059095CE-546D-42FA-BFB7-E33EEA86785D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1FA0A7B4-ED60-4DD0-A86B-5B580DC734EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {25F37DCF-758A-4D40-8AD5-541C7606A708} - System32\Tasks\{3B5C56C1-C525-4A88-BC88-61EE6267BF86} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {2E1C7387-FAD5-4757-A8EF-9799FBD74745} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Terry => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
Task: {33E3A743-D36C-4DF9-ADF2-C23F213D301D} - System32\Tasks\{AE5D3469-07BF-4E7B-928B-3BF5CB113809} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {4221026F-393B-4E5D-A8EC-D65747B252B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {4A15123C-E76F-4D82-B937-7D5243C98D4F} - System32\Tasks\{FE0E2BBA-4C80-4767-89A4-E9ACD7EC1BD1} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {6663F415-D2F8-44BB-895F-3767650B3BA3} - System32\Tasks\{3D2BD65F-DB2E-44BF-B7D4-B095FB17512A} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {73BE57F4-69BB-4A26-8063-8C62FDCE9650} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {74E73ABB-3C2E-4E70-81BE-A96408803B53} - System32\Tasks\{601D9548-9905-4246-9B31-F26759BF3791} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {7A74FA86-3C66-4D14-9015-F48ED6785C2E} - System32\Tasks\{6842AD54-94B6-4A61-9BE5-784DA11F3505} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7D7FBBF4-4AD3-4CAC-AE0E-2A537530C66F} - System32\Tasks\{D196BA7A-04DD-48D5-9D85-E077ABA37980} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {804C1006-05E5-424D-880B-938CDC97893F} - System32\Tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A} => C:\Windows\system32\yxqjk.dll [2014-10-25] ()
Task: {8A678B8E-11EB-4BD0-B154-4AC383C77F85} - System32\Tasks\{4E509FBC-8D20-48B3-BC84-70CD1F5B8430} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {8DF75516-4B1E-4AAE-9DD9-82CA55732D7F} - System32\Tasks\Amazon Music Helper => C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-09-05] ()
Task: {91FF7E33-391D-4CD3-93EF-C90A2141CF12} - System32\Tasks\{794A5A98-576A-4AC6-B2F6-7A6AEBBE1CFB} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {936FDF1A-F2F1-4178-B434-D50A40DDA843} - System32\Tasks\{6E98BF58-8743-49B2-B308-4DE4611C776C} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {996EB13C-36C5-4711-911C-BA20B30DF07A} - System32\Tasks\{59E7C911-55A9-4C3E-B8D2-17DF1B71CBD7} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {9C62F2EB-3709-4238-9408-83463879928F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9C639299-8693-461C-9CB2-45D1A0FF2D8A} - System32\Tasks\{E503D6A6-1A96-49AB-A045-19E3A4F5DC74} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {C4CF95F9-568A-4311-81F4-7DF6A379CA76} - System32\Tasks\{DB0D0ADC-9968-4EAE-986D-62664CE01A59} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {CA62A84B-F5D8-494B-9526-C9C18D45A06A} - System32\Tasks\{945D3406-F7FA-4D61-96AA-8B434EE19EAD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {DE5F040D-02BF-482C-936F-ADD968366CF5} - System32\Tasks\{DF5DE0A7-5C1B-4991-B5D0-CC2F00C6A55C} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {E09DB6C2-0533-4D35-8229-FBAC11C2A77D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE12B1A3-7823-4EC6-9089-AA4CC209033D} - System32\Tasks\{05E3AA6F-390E-4F95-B09F-B23A7A691C38} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {F6E17BA7-1D87-482D-B956-B9A9E9F2366C} - System32\Tasks\{23020DA5-E10F-49C1-9AE8-B4E2F5F23E7F} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {F83E7E02-FA8B-4B8D-9506-4010AD28F308} - System32\Tasks\{BEB37EE1-93B4-4734-8BA9-884601E030FD} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 14:47 - 2013-10-31 14:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-10-31 14:47 - 2013-10-31 14:47 - 00021320 _____ () C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsPS64.dll
2011-04-20 01:21 - 2013-03-28 18:07 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2014-06-11 23:59 - 2014-09-05 17:54 - 06281536 _____ () C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-03-23 00:01 - 2011-03-23 00:01 - 01258840 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\UMVPLMute.dll
2011-03-22 23:57 - 2011-03-22 23:57 - 00219480 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\FxPreview.dll
2011-03-23 00:00 - 2011-03-23 00:00 - 01347928 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MRSystem.dll
2011-03-22 23:59 - 2011-03-22 23:59 - 00133464 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MapTrackData.dll
2011-03-22 23:59 - 2011-03-22 23:59 - 01321304 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MMSystem.dll
2011-03-23 00:01 - 2011-03-23 00:01 - 00292696 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\VMSystem.dll
2014-10-24 08:43 - 2014-10-24 08:43 - 00043008 _____ () c:\users\terry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhbw5i.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2007-02-05 17:34 - 2007-02-05 17:34 - 00116248 _____ () C:\Program Files (x86)\Common Files\InterVideo\Common\Bin\MpgTsRdr.ax
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

========================= Accounts: ==========================

Administrator (S-1-5-21-227674338-2978312964-2044416110-500 - Administrator - Disabled)
Guest (S-1-5-21-227674338-2978312964-2044416110-501 - Limited - Disabled)
Mcx1 (S-1-5-21-227674338-2978312964-2044416110-1006 - Administrator - Enabled) => C:\Users\Mcx1
Terry (S-1-5-21-227674338-2978312964-2044416110-1000 - Administrator - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 00:04:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x002cadf6,
process id 0x1c77c, application start time 0xsvchost.exe0.

Error: (10/27/2014 00:19:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\2C6AC0E79A70BFC002B72685872D62B693C036C5> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 00:19:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\2C6AC0E79A70BFC002B72685872D62B693C036C5> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 10:09:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 10:09:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 10:07:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 10:07:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 09:27:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\E4050FD82514C431CAD79602C7F5FAD711100CD6> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 09:27:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\E4050FD82514C431CAD79602C7F5FAD711100CD6> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/26/2014 09:19:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\93B577779CF0EC58FE9D4AE112B6FAD5A1312D9D> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (10/27/2014 00:29:59 AM) (Source: Application Popup) (EventID: 1801) (User: )
Description: The hardware has reported an uncorrectable memory error.

Error: (10/26/2014 10:26:56 PM) (Source: Application Popup) (EventID: 1801) (User: )
Description: The hardware has reported an uncorrectable memory error.

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDescription%%5

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDescription%%5

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDelayedAutostart%%5

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDescription%%5

Error: (10/26/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (10/25/2014 09:12:24 PM) (Source: Application Popup) (EventID: 1801) (User: )
Description: The hardware has reported an uncorrectable memory error.


Microsoft Office Sessions:
=========================
Error: (10/27/2014 00:04:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89MSHTML.dll9.0.8112.16584541cb3c5c0000005002cadf61c77c01cff21498c50470

Error: (10/27/2014 00:19:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\2C6AC0E79A70BFC002B72685872D62B693C036C5

Error: (10/27/2014 00:19:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\2C6AC0E79A70BFC002B72685872D62B693C036C5

Error: (10/26/2014 10:09:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046

Error: (10/26/2014 10:09:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046

Error: (10/26/2014 10:07:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046

Error: (10/26/2014 10:07:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A6E31B317CD733BFDECFCB796254724DFFC5E046

Error: (10/26/2014 09:27:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\E4050FD82514C431CAD79602C7F5FAD711100CD6

Error: (10/26/2014 09:27:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\E4050FD82514C431CAD79602C7F5FAD711100CD6

Error: (10/26/2014 09:19:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\93B577779CF0EC58FE9D4AE112B6FAD5A1312D9D


CodeIntegrity Errors:
===================================
  Date: 2014-10-27 12:24:36.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:36.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:36.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:36.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:25.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:25.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:24.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:24.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:24.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 12:24:24.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 32%
Total physical RAM: 12278.26 MB
Available physical RAM: 8240.72 MB
Total Pagefile: 24695.54 MB
Available Pagefile: 20891.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.1 GB) (Free:384.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.53 GB) NTFS
Drive k: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1792.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================


Welcome back terry :)
 
I think that I see the culprit. Please run the following.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.


FYI, I had uninstalled Java after getting that notice from AVG. I wasn't expecting your response so quickly. =)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows Vista Home Premium x64
Ran by Terry on Mon 10/27/2014 at 13:06:34.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Emptied folder: C:\Users\Terry\AppData\Roaming\mozilla\firefox\profiles\hzi3cjgp.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/27/2014 at 13:11:47.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v4.000 - Report created 19/10/2014 at 13:43:44
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Terry - TERRY-PC
# Running from : C:\Users\Terry\Downloads\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Terry\AppData\Local\iac

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Tencent
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.1
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[hzi3cjgp.default] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[hzi3cjgp.default] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[hzi3cjgp.default] - Line Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bb74a7462-08b1-4fe5-b6e1-783ef6add9da%7D&mid=fa1675371fd24536d7111485b37f8b46-d71a4d90f952c80564167acbb96e95927db12403&ds=AVG&v=8.0.0.32&l[...]
# AdwCleaner v4.002 - Report created 27/10/2014 at 13:19:11
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Terry - TERRY-PC
# Running from : C:\Users\Terry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [6746 octets] - [19/10/2014 13:39:08]
AdwCleaner[R1].txt - [882 octets] - [19/10/2014 13:56:17]
AdwCleaner[s0].txt - [5724 octets] - [19/10/2014 13:43:44]
AdwCleaner[s1].txt - [935 octets] - [19/10/2014 13:59:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5843 octets] ##########
 


Quite an amount of junk. Your machine was clean when you were here lately...

Where did you catch that?


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!
