Need help removing Poweliks Trojan


TerryH

Mostly Facebook... wife was on YouTube briefly. Nothing else much.


Zoek.exe v5.0.0.0 Updated 26-10-2014
Tool run by Terry on Mon 10/27/2014 at 14:57:04.74.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Terry\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

10/27/2014 2:59:26 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

001 Joiner and Splitter Pro  
7-Zip 4.65  
Acrobat.com  
Adobe AIR  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Photoshop 7.0  
Adobe Reader X (10.1.12)  
Adobe Shockwave Player 11.5  
Amazon 1Button App  
Amazon Games & Software Downloader  
Amazon Kindle  
Amazon MP3 Downloader 1.0.17  
Amazon Music  
AMD APP SDK Runtime  
AMD Catalyst Install Manager  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
ArcSoft PhotoBase 4.5  
ArcSoft PhotoBase 4.5 (Shared Components)  
ArcSoft PhotoStudio 5.5  
Astronomy 2005 Screensaver  
ATI AVIVO64 Codecs  
AVG 2014  
Bonjour  
Brother HL-2170W  
CameraHelperMsi  
Canon ScanGear Starter  
CanoScan Toolbox Ver4.9  
CarbonPoker  
Catalyst Control Center - Branding  
Catalyst Control Center  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CCleaner  
Choice Guard  
Compatibility Pack for the 2007 Office system  
Corel AfterShot Pro  
Darksiders  
DarksidersInstaller  
Dell Dock  
Dell Edoc Viewer  
DigitalTV  
DivX Setup  
Dropbox  
erLT  
Google Advertising Cookie Opt-out  
Google Earth  
Google Update Helper  
H&R Block California 2010  
H&R Block California 2011  
H&R Block California 2012  
H&R Block California 2013  
H&R Block Deluxe + Efile + State 2010  
H&R Block Deluxe + Efile + State 2011  
H&R Block Deluxe + Efile + State 2012  
H&R Block Deluxe + Efile + State 2013  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
Hoyle Card Games 2003  
iCloud  
Intel® Network Connections 13.1.33.0  
InterVideo DeviceService  
InterVideo WinDVD 8  
Jasc Animation Shop 3  
Jasc Paint Shop Pro 9  
KeePass Password Safe 2.27  
Logitech Vid HD  
Logitech Webcam Software  
Logitech Webcam Software Driver Package  
LWS Facebook  
LWS Gallery  
LWS Help_main  
LWS Launcher  
LWS Motion Detection  
LWS Pictures And Video  
LWS Twitter  
LWS Video Mask Maker  
LWS VideoEffects  
LWS Webcam Software  
LWS WLM Plugin  
LWS YouTube Plugin  
Malwarebytes Anti-Malware version 2.0.3.1025  
Manual CanoScan LiDE 500F  
Microsoft .NET Framework 3.5 SP1  
Microsoft .NET Framework 4.5.1  
Microsoft Office 2000 Disc 2  
Microsoft Office 2000 Small Business  
Microsoft Office PowerPoint Viewer 2007 (English)  
Microsoft OneDrive  
Microsoft Silverlight  
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Works  
Move Media Player  
Mozilla Firefox 33.0 (x86 en-US)  
Mozilla Maintenance Service  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
Nikon Message Center 2  
Nikon Movie Editor  
Octoshape add-in for Adobe Flash Player  
Octoshape Streaming Services  
Opanda IExif 2.3  
Opanda PowerExif 1.2 Professional Trial  
PC Connectivity Solution  
Picasa 3  
Picture Control Utility  
Picture Control Utility x64  
QuickBooks Pro  
QuickTime 7  
Realtek High Definition Audio Driver  
Roxio Creator Audio  
Roxio Creator Copy  
Roxio Creator Data  
Roxio Creator DE  
Roxio Creator Tools  
Roxio Express Labeler 3  
Roxio Update Manager  
SD Viewer for DSC  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
Security Update for Windows Media Encoder (KB2447961)  
Security Update for Windows Media Encoder (KB954156)  
Security Update for Windows Media Encoder (KB979332)  
Shockwave Director 10.2  
Skype Click to Call  
SkypeT 6.21  
SmartSound Quicktracks Plugin  
Spotify  
Spybot - Search & Destroy  
Steam  
Stellarium 0.11.4  
System Requirements Lab  
ubi.com  
Ulead VideoStudio 11  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
VC80CRTRedist - 8.0.50727.6195  
VideoStudio  
ViewNX 2  
Visual C++ 8.0 Runtime Setup Package (x64)  
Visual Studio 2008 x64 Redistributables  
Visual Studio 2010 x64 Redistributables  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
WinDirStat 1.1.2  
Windows 7 Upgrade Advisor  
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)  
Windows Live Sign-in Assistant  
Windows Live Sync  
Windows Live Upload Tool  
Windows Media Encoder 9 Series  

==== Running Processes ======================

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\SysWow64\svchost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Terry\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
R2 - [bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [Capture Device Service] - Capture Device Service - "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe"
R2 - [DockLoginService] - Dock Login Service - C:\Program Files\Dell\DellDock\DockLogin.exe
R2 - [iviRegMgr] - IviRegMgr - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [slsvc] - Software Licensing - C:\Windows\system32\SLsvc.exe
R2 - [uMVPFSrv] - UMVPFSrv - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [WPFFontCache_v0400] - Windows Presentation Foundation Font Cache 4.0.0.0 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
R4 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate1c9ee9e3e003430] - Google Update Service (gupdate1c9ee9e3e003430) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sBSDWSCService] - SBSD Security Center Service - F:\Spybot - Search & Destroy\SDWinSec.exe
S2 - [skype C2C Service] - Skype C2C Service - "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [Amazon Download Agent] - Amazon Download Agent - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [DFSR] - DFS Replication - C:\Windows\system32\DFSR.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [iDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
S3 - [License Management Service ESD] - License Management Service ESD - "C:\Program Files (x86)\Common Files\element5 Shared\Service\Licence Manager ESD.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [steam Client Service] - Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
S3 - [stllssvr] - stllssvr - "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Terry\AppData\Roaming\Yahoo! deleted
C:\Users\Terry\AppData\Local\Microsoft_Research deleted
C:\Users\Terry\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy deleted
C:\Users\Terry\AppData\LocalLow\boost_interprocess deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\ProgramData\Rock Kit" deleted
"C:\ProgramData\Sample Delay" deleted
"C:\ProgramData\Sampler Instruments" deleted
"C:\ProgramData\Sci-Fi" deleted
"C:\ProgramData\Screen Saver" deleted
"C:\ProgramData\Spacious" deleted
"C:\ProgramData\Speech Enhancer" deleted
"C:\ProgramData\Standard" deleted
"C:\Users\Terry\AppData\Roaming\Samsung" deleted
"C:\PROGRA~2\Windows Portable Devices" deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition (64-bit) Service Pack 2 (Build 6002)
Memory (RAM): 12279 MB
CPU Info: Intel® Core i7 CPU         920  @ 2.67GHz
CPU Speed: 2656.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output(Optical) |
Realtek Digital Output (Realtek |
Speakers (PlayOn Virtual Audio  |
Display Adapters: ATI Radeon HD 5700 Series | ATI Radeon HD 5700 Series | ATI Radeon HD 5700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel® 82567LF-2 Gigabit Network Connection
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD+-RW GH30N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  581.1GB | D:  15.0GB | K:  1863.0GB
Hard Disks - Free: C:  383.3GB | D:  8.5GB | K:  1792.5GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 12/21/09 | DELL   - 20091221
Time Zone: Pacific Standard Time
Motherboard *: Dell Inc. 0R849J
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus 2014 disabled (Outdated)
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 33.0 (x86 en-US)
Adobe Reader version: 10.1.12.15
Flash Player version: 15.0.0.152
Shockwave Player version: 11.5r600

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Terry\AppData\Local\Temp ====
2014-10-27 20:22:42    4E566FEA83FCEEAF2873702806B55006    43008    ----a-w-    C:\Users\Terry\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0wncd_.dll
2014-10-27 20:06:02    E0DC8C6BBC787B972A9A468648DBFD85    1008128    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\libiconv2.dll
2014-10-27 20:06:02    D202BAA425176287017FFE1FB5D1B77C    103424    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\libintl3.dll
2014-10-27 20:06:02    57CAC848FA14AE38F14F9441F8933282    140288    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\pcre3.dll
2014-10-27 20:06:02    547C43567AB8C08EB30F6C6BACB479A3    79360    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\regex2.dll
2014-10-27 20:06:02    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\erunt\ERUNT.EXE
2014-10-19 20:58:16    5C73E64374D9BA37AC5569D1F7DE5C9B    665682    ----a-w-    C:\Users\Terry\AppData\Local\temp\sqlite3.dll
====== Java Cache =====
2014-10-24 18:08:12    30810F09A3FCC03EC583120B033700BC    282329    ----a-w-    C:\Users\Terry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-7794b051
2014-10-24 18:08:12    67911F367EC150BDC8F2CB46397F0925    845    ----a-w-    C:\Users\Terry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\11dd5f3d-7a83e767
2014-10-24 18:08:12    67911F367EC150BDC8F2CB46397F0925    845    ----a-w-    C:\Users\Terry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-491a9011
2014-10-24 18:08:12    62F5E0DEE3CD9B3C2FB029CE5E6619DB    437    ----a-w-    C:\Users\Terry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap
====== C:\Windows\SysWOW64 =====
2014-10-26 02:55:28    E61075854E3D77F8AA9A3F92EB5B5154    28    ----a-w-    C:\Windows\SysWOW64\u
2014-10-16 10:18:38    1EB8CA23B805D3F8DBDAC8CAE7979B8B    66560    ----a-w-    C:\Windows\SysWOW64\packager.dll
2014-10-16 10:14:38    8580484193CE0A0788830FBAB97CF13B    1131664    ----a-w-    C:\Windows\SysWOW64\dfshim.dll
2014-10-16 10:14:38    842DE20A6487D830A458DDB5E0363F13    156824    ----a-w-    C:\Windows\SysWOW64\mscorier.dll
2014-10-16 10:14:38    653DFC2662680AB61232E1531147558A    81560    ----a-w-    C:\Windows\SysWOW64\mscories.dll
2014-10-16 05:55:40    3252D4791357FEE6C2BAF0619C041317    1129472    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2014-10-16 05:55:40    1DDFA163F4FA305DE1F81CD80DE53F87    1810432    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2014-10-16 05:55:39    EE05498252DED63A6998C2629FFEFB89    223232    ----a-w-    C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 05:55:39    E5C50FC8B9EDF1530EF230A687A5EB0B    421376    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2014-10-16 05:55:39    9B2FD5A84AA985B0393E0BF33391F4EF    73216    ----a-w-    C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 05:55:39    89FACA9614F1C949106106BEB23D1EC0    353792    ----a-w-    C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 05:55:39    7F2188097B1D46554A7D1A31C787C978    717824    ----a-w-    C:\Windows\SysWOW64\jscript.dll
2014-10-16 05:55:39    5B170AD076338C48CDC77ABA487DD6FC    176640    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2014-10-16 05:55:39    10B238C056068548211288D5DCC109DD    2382848    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 05:55:38    3E7834CD2A543D58443BBE38FD74E8EB    12364288    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-10-16 05:55:35    09192845BF15D30A86E8AD012F232AEC    11776    ----a-w-    C:\Windows\SysWOW64\mshta.exe
2014-10-16 05:55:34    E8B3EE6038623D549264AE37BD3E0209    41472    ----a-w-    C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-16 05:55:34    D93F3F1134C9CBC81D6F7D470A29E557    607744    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 05:55:34    A6F7BBEFFD204C45BD732A261A52EED4    231936    ----a-w-    C:\Windows\SysWOW64\url.dll
2014-10-16 05:55:34    4037D4729F978F9677B4BD8E2D855BD7    1427968    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 05:55:34    29B990A63A3448A2AAC5FB9A441C8AF0    65536    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 05:55:34    1524E24AC57E375F3C42481A9ACEE038    1138688    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2014-10-16 05:55:34    12486BDE40B31322A239D150C595BAF4    142848    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 05:55:33    8163D88337C067C8B75BA80BEBC0B0CD    9739776    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2014-10-16 05:55:33    77742DDD19DB7503EEBF0A4A5A0AD6B1    1802752    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2014-10-16 05:55:32    90634CE0C5601BF19E93076052D2A3D6    10752    ----a-w-    C:\Windows\SysWOW64\msfeedssync.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-26 02:51:09    !HASH: COULD NOT OPEN FILE !!!!!    0    ----a-w-    C:\Windows\Sysnative\jqtqvi.dll
2014-10-26 02:51:07    008A0A048330F1F747E409B0B45F662F    70656    ----a-w-    C:\Windows\Sysnative\yxqjk.dll
2014-10-16 10:18:38    B09134E16155654EAFE1E0858FC3D2ED    76800    ----a-w-    C:\Windows\Sysnative\packager.dll
2014-10-16 10:18:19    DB74B249035729EECD26DE3614D79631    2782208    ----a-w-    C:\Windows\Sysnative\win32k.sys
2014-10-16 10:14:38    5083CC5456FE8A5D21ECF9E32ACC779F    1943696    ----a-w-    C:\Windows\Sysnative\dfshim.dll
2014-10-16 10:14:38    3A652CB60DF77E5FFE0FDAE5D5657678    73880    ----a-w-    C:\Windows\Sysnative\mscories.dll
2014-10-16 10:14:38    32FC4A0FB7855FC7EFCCB927DD264E8A    156312    ----a-w-    C:\Windows\Sysnative\mscorier.dll
2014-10-16 05:55:40    FCADC331234849A634FDD675EC53E614    2339328    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2014-10-16 05:55:40    5BDB4A8E43DD489593D89C74396303A7    2382848    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2014-10-16 05:55:39    A2E24197853DF27F5799BDA2F6D5A904    1392128    ----a-w-    C:\Windows\Sysnative\wininet.dll
2014-10-16 05:55:39    7F131B38896C262E7F017A8728C865C6    282112    ----a-w-    C:\Windows\Sysnative\dxtrans.dll
2014-10-16 05:55:39    50ACB4D3CDA1D52A7754EF1A032637B5    86016    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2014-10-16 05:55:39    41CFDBD396E9C59A9E3A7AE9A3F031E4    248320    ----a-w-    C:\Windows\Sysnative\ieui.dll
2014-10-16 05:55:39    418294856D06AB3B614C2DC68E347D16    453120    ----a-w-    C:\Windows\Sysnative\dxtmsft.dll
2014-10-16 05:55:38    1E6A8641DD71576FC599358E89C1671D    96768    ----a-w-    C:\Windows\Sysnative\mshtmled.dll
2014-10-16 05:55:37    EEB1D09E04E1ECDEE3D5C09F834093BD    17867776    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-10-16 05:55:37    405CDBA0F8228BB2621E483B2CCF6954    599040    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2014-10-16 05:55:35    841BF62B1BE13F0627835F0D422A0E1E    12800    ----a-w-    C:\Windows\Sysnative\mshta.exe
2014-10-16 05:55:35    25BD1E4C1FC35AB587B7DFF6CA1CB5E3    816640    ----a-w-    C:\Windows\Sysnative\jscript.dll
2014-10-16 05:55:34    F0373E1FB095F8D862EBC88B578E5591    729088    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2014-10-16 05:55:34    C5B9C2E2C3C5D2ECD36ED2B741D38634    173056    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2014-10-16 05:55:34    98D647ECA1FDFC39D183900FB49AE5B7    1385472    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2014-10-16 05:55:34    618E42727445536E883EC33F9D1D718F    2157056    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2014-10-16 05:55:34    2904684E5A4AC12241B52D9E03EB6AFC    55296    ----a-w-    C:\Windows\Sysnative\msfeedsbs.dll
2014-10-16 05:55:34    1347A50EBE04FD2F311B2B74F43DEEE7    1494016    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2014-10-16 05:55:33    CA281A77593AF5B620482F60AB45119C    237056    ----a-w-    C:\Windows\Sysnative\url.dll
2014-10-16 05:55:33    419DC76DA915F8E4B5B418B707BF67D7    10920960    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2014-10-16 05:55:32    8EF083BB82EAE20FF074B11727F7999C    11264    ----a-w-    C:\Windows\Sysnative\msfeedssync.exe
====== C:\Windows\Sysnative\drivers =====
2014-10-22 23:28:27    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-22 23:28:06    D3311B31C470E7681B14D9B014CBF9ED    93400    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-22 23:28:06    852C80EA88A9D8844EF1485143E79E48    64216    ----a-w-    C:\Windows\Sysnative\drivers\mwac.sys
2014-10-22 23:28:06    5C3669B71657F22E67A1D4BD49D2CBE7    25816    ----a-w-    C:\Windows\Sysnative\drivers\mbam.sys
2014-10-16 10:13:54    1E34B436811CCA4A2783C0BC7A0BEB2E    198656    ----a-w-    C:\Windows\Sysnative\drivers\fastfat.sys
====== C:\Windows\Tasks ======
2014-10-26 02:51:07    799E5E75A388F615F54573EA2EF80D78    3856    ----a-w-    C:\Windows\Sysnative\Tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-10-24 22:46:18    --------    d-----w-    C:\PROGRA~2\QuickTime
2014-10-23 19:12:08    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2014-10-22 21:18:20    --------    d-----w-    C:\PROGRA~2\ESET
======= C: =====
2014-10-24 07:46:37    CC756596FDA152D025DB3E4F975E830A    990    ----a-w-    C:\DelFix.txt
====== C:\Users\Terry\AppData\Roaming ======
2014-10-24 06:59:58    --------    d-----w-    C:\Users\Terry\AppData\Local\temp
2014-10-24 06:59:58    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2014-10-24 06:59:58    --------    d-----w-    C:\Users\Mcx1\AppData\Local\temp
2014-10-24 06:59:58    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2014-10-24 06:59:58    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2014-10-22 23:17:46    --------    d-----w-    C:\Users\Terry\AppData\Local\CrashDumps
2014-10-22 20:21:01    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2014-10-20 07:02:45    A10AE7DA4D820B8C914F36914360988B    394272    ----a-w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\WPFFontCache_v0400-S-1-5-21-227674338-2978312964-2044416110-1000-8192.dat
2014-10-19 18:09:08    --------    d-----w-    C:\Users\Terry\AppData\Local\NPE
2014-10-19 17:33:18    DA6DE4E13513A5292020CD5B158CE49E    732    ----a-w-    C:\Users\Terry\AppData\Local\d3d9caps64.dat
====== C:\Users\Terry ======
2014-10-27 20:00:47    FF33D8CDF04B1D15F3808D49406BEA43    1998336    ----a-w-    C:\Users\Terry\Desktop\AdwCleaner.exe
2014-10-27 20:00:07    27A4F18F1BB9F05D71128BADD4DCD5C3    1706144    ----a-w-    C:\Users\Terry\Desktop\JRT.exe
2014-10-27 19:23:17    943C708E6C85202BB41BAAED958F2D07    2113024    ----a-w-    C:\Users\Terry\Desktop\FRST64.exe
2014-10-24 22:46:24    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-23 19:12:08    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-20 08:23:51    --------    d-----w-    C:\Users\Public\AppData
2014-10-19 08:50:09    075B0DA82E23780FA2DD7F2EA0464FD4    258    --sha-r-    C:\ProgramData\ntuser.pol

====== C: exe-files ==
2014-10-27 20:06:02    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\erunt\ERUNT.EXE
2014-10-27 20:00:47    FF33D8CDF04B1D15F3808D49406BEA43    1998336    ----a-w-    C:\Users\Terry\Desktop\AdwCleaner.exe
2014-10-27 20:00:07    27A4F18F1BB9F05D71128BADD4DCD5C3    1706144    ----a-w-    C:\Users\Terry\Desktop\JRT.exe
2014-10-27 19:23:17    943C708E6C85202BB41BAAED958F2D07    2113024    ----a-w-    C:\Users\Terry\Desktop\FRST64.exe
2014-10-24 08:45:55    E5F0D261C81B766E82BCBEBCF418C1CD    46048    ----a-w-    C:\Users\Terry\Desktop\Tweaking.com - Repair Internet Explorer\files\tweaking_rati.exe
2014-10-24 08:45:55    5CD85F8CCE8E593C4AF5E6DF23D5A34A    46048    ----a-w-    C:\Users\Terry\Desktop\Tweaking.com - Repair Internet Explorer\files\tweaking_ras.exe
2014-10-24 08:45:55    451AE03D3C92777F09840CA56F08AB62    454056    ----a-w-    C:\Users\Terry\Desktop\Tweaking.com - Repair Internet Explorer\files\SetACL_32.exe
2014-10-24 08:45:55    3E350EB5DF15C06DEC400A39DD1C6F29    559528    ----a-w-    C:\Users\Terry\Desktop\Tweaking.com - Repair Internet Explorer\files\SetACL_64.exe
2014-10-24 08:45:55    27EC7614F489A47B6B6BB310ABF54DE4    66528    ----a-w-    C:\Users\Terry\Desktop\Tweaking.com - Repair Internet Explorer\files\Tweaking_CleanMem.exe
2014-10-24 08:45:54    7605F8F3F4AC98E56A368E67AAEDAB59    1000416    ----a-w-    C:\Users\Terry\Desktop\Tweaking.com - Repair Internet Explorer\repair.exe
2014-10-22 21:18:20    E273331224005C5A8A504164373DE1DC    535304    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-10-22 21:18:20    9E47522861242EE002D7F385C35D1322    2887824    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-10-22 21:18:20    5B3DE7968D23B476AFB256D8014B25B9    333424    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-10-22 21:18:20    47B06E473B78A792DF07D226E0537D63    119184    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-10-22 21:18:20    3C3F35C91F230493B088B334E39D1F7A    358144    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-10-21 18:47:36    0104342D751C324107D8ACD6923710BF    15900672    ----a-w-    C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
2014-10-21 07:46:51    821E577AB0B119278BD1940FEF224DDA    51080    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-21 07:46:51    4067DC9EA0640485F1CF395427FD5E9B    51080    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-21 07:46:49    27DC334376EE08A0962E6367E23D3CBA    880272    ----a-w-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-21 07:46:41    26E37D5EAC3F1CF66587183AB348168C    114568    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-21 07:46:40    976D5F35A058340DA2C160CEC4063C4B    230792    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-21 07:46:40    047556104954A72A2222FFF169166EEE    285064    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-21 07:46:38    51508F0C2476177E50C31B0BBFBF1BDB    107912    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-21 07:46:37    27DC334376EE08A0962E6367E23D3CBA    880272    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe
=== C: other files ==
2014-10-27 20:06:01    F56A319979F631C141F5FF02DF87FDB1    43563    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\prelim.bat
2014-10-27 20:06:01    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\TDL4.bat
2014-10-27 20:06:01    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\medfos.bat
2014-10-27 20:06:01    AA0C656F898523BEDF2DA6923197BB80    1264    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\surfvox.bat
2014-10-27 20:06:01    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\searchlnk.bat
2014-10-27 20:06:01    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\firefox.bat
2014-10-27 20:06:01    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\ev_clear.bat
2014-10-27 20:06:01    7F7A362CC9FBF3AD1D1E7C37DD825C0F    14957    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\get.bat
2014-10-27 20:06:01    730313487A4CF7DCAA4039643F72A1BE    184027    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\misc.bat
2014-10-27 20:06:01    4D80C7010E2CE44AB25FA25B013649E4    8085    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\mws.bat
2014-10-27 20:06:01    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\ask.bat
2014-10-27 20:06:01    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\iexplore.bat
2014-10-27 20:06:01    323C58D6693BEC9A6A37566F37D81B22    9469    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\runvalues.bat
2014-10-27 20:06:01    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\delfolders.bat
2014-10-27 20:06:01    048407135C9B1FB6A355E256BD96160D    14192    ----a-w-    C:\Users\Terry\AppData\Local\temp\jrt\chrome.bat
2014-10-22 23:28:27    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-22 23:28:06    D3311B31C470E7681B14D9B014CBF9ED    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-22 23:28:06    852C80EA88A9D8844EF1485143E79E48    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-22 23:28:06    5C3669B71657F22E67A1D4BD49D2CBE7    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Amazon Music"="C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"UVS11 Preload"="C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
"BrStsWnd"="C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun"
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AmazonGSDownloaderTray"="C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
"Nikon Message Center 2"="C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Amazon Music"="C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\Amazon\\AMAZON~2\\AmazonExtIE.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\Amazon\\AMAZON~2\\AmazonExtIE64.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"


==== Startup Folders ======================

2009-05-22 02:21:29    1835    ----a-w-    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2009-05-22 02:21:29    1835    ----a-w-    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2012-08-23 05:43:58    1835    ----a-w-    C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2014-09-02 05:01:56    953    ----a-w-    C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-10-21 18:49:11    1194    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/21/2014 12:46 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/21/2014 12:46 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Amazon Music Helper" [C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{05E3AA6F-390E-4F95-B09F-B23A7A691C38}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{23020DA5-E10F-49C1-9AE8-B4E2F5F23E7F}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{3B5C56C1-C525-4A88-BC88-61EE6267BF86}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A}" [C:\Windows\system32\regsvr32.exe]
"C:\Windows\SysNative\tasks\{3D2BD65F-DB2E-44BF-B7D4-B095FB17512A}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{4E509FBC-8D20-48B3-BC84-70CD1F5B8430}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{59E7C911-55A9-4C3E-B8D2-17DF1B71CBD7}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{601D9548-9905-4246-9B31-F26759BF3791}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{6842AD54-94B6-4A61-9BE5-784DA11F3505}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{6E98BF58-8743-49B2-B308-4DE4611C776C}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{794A5A98-576A-4AC6-B2F6-7A6AEBBE1CFB}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{945D3406-F7FA-4D61-96AA-8B434EE19EAD}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{AE5D3469-07BF-4E7B-928B-3BF5CB113809}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{BEB37EE1-93B4-4734-8BA9-884601E030FD}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{D196BA7A-04DD-48D5-9D85-E077ABA37980}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{DB0D0ADC-9968-4EAE-986D-62664CE01A59}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{DF5DE0A7-5C1B-4991-B5D0-CC2F00C6A55C}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{E503D6A6-1A96-49AB-A045-19E3A4F5DC74}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{FE0E2BBA-4C80-4767-89A4-E9ACD7EC1BD1}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [05/15/2013 12:22 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"moveplayer@movenetworks.com"="C:\Users\Terry\AppData\Roaming\Move Networks" [04/03/2010 09:51 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default
- Move Media Player - C:\Users\Terry\AppData\Roaming\Move Networks
- DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Undetermined - moveplayer@movenetworks.com
- Undetermined - {23fcfd51-4958-4f00-80a3-ae97e717ed8b}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
8DE1B0441B8445508A917594BC847976    - C:\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll -    AmazonMP3DownloaderPlugin
EC401349BFA64BD6232C746046AEC0B5    - C:\Users\Terry\AppData\Roaming\Mozilla\plugins\npoctoshape.dll -    Octoshape Streaming Services
E66E9C5D42AA085891A4F67E7B2CA4DF    - C:\Users\Terry\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll -    Move Streaming Media Player
EA85C911C213873A975A5988ED19A66B    - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll -    Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67    - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[05/06/2013 01:12 AM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://my.yahoo.com/?m=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Terry\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01NGXY1J will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DL6MGO1 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23L9IXM0 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZRBFVVY will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3I38SC0 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5KRYLE1 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPO390FY will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3HIBH0 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGI0428Q will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWVJY3C6 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD81V6EM will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL209ZU2 will be deleted at reboot
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Terry\AppData\Local\Mozilla\Firefox\Profiles\hzi3cjgp.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=103 folders=23 2920782 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Mcx1\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Terry\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Terry\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01NGXY1J" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DL6MGO1" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23L9IXM0" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZRBFVVY" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3I38SC0" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5KRYLE1" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPO390FY" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3HIBH0" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGI0428Q" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWVJY3C6" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD81V6EM" not found
"C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL209ZU2" not found

==== EOF on Mon 10/27/2014 at 15:43:39.98 ======================
 

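The scheduled-task listing in the Zoek log above is where this kind of infection tends to stand out rather than in the file lists: one GUID-named task whose action is a signed Windows loader (regsvr32.exe, with nothing after it) sitting among a pile of Skype-installer leftovers. The following is an added example, not code from this thread and not part of the Zoek tool, that parses lines in Zoek's "Other Scheduled Tasks" format and ranks them by how many of those traits each one carries. The sample lines are constructed to mirror the log above; the list of loader hosts and the scoring are my assumptions, not a Zoek or Malwarebytes list.

```python
import re
from dataclasses import dataclass, field

# One line of Zoek's "Other Scheduled Tasks" section looks like:
#   "C:\Windows\SysNative\tasks\<task name>" [<action executable and arguments>]
TASK_LINE = re.compile(r'^"(?P<path>[^"]+)"\s+\[(?P<cmd>.*)\]\s*$')
GUID_NAME = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

# Assumption (not a Zoek or Malwarebytes list): signed Windows binaries that are
# routinely used as task actions so the task never has to point at a malicious file.
LOADER_HOSTS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "powershell.exe",
                "wscript.exe", "cscript.exe", "cmd.exe"}
BROWSERS = {"iexplore.exe"}

# Constructed sample lines modelled on the log above.
SAMPLE_TASKS = [
    r'"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]',
    r'"C:\Windows\SysNative\tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A}" [C:\Windows\system32\regsvr32.exe]',
    r'"C:\Windows\SysNative\tasks\{945D3406-F7FA-4D61-96AA-8B434EE19EAD}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]',
    r'"C:\Windows\SysNative\tasks\{05E3AA6F-390E-4F95-B09F-B23A7A691C38}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar]',
]


@dataclass
class Finding:
    name: str          # task name as listed (GUID or vendor name)
    exe: str           # lower-cased basename of the action executable
    args: str          # everything after the executable, as listed
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Return (executable basename, arguments) for a task action string.

    Handles both the quoted form   "c:\\dir with spaces\\x.exe" args
    and the bare form               c:\\dir with spaces\\x.exe args
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, args = cmd[1:end], cmd[end + 1:].strip()
    else:
        # Bare paths may contain spaces, so cut at the first ".exe" rather than at whitespace.
        m = re.match(r"(?is)(.*?\.exe)(.*)", cmd)
        exe, args = (m.group(1), m.group(2).strip()) if m else (cmd, "")
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower(), args


def triage_tasks(lines):
    """Parse task lines and return a Finding for anything worth a second look,
    most suspicious first (ordered by number of matching traits)."""
    findings = []
    for line in lines:
        m = TASK_LINE.match(line.strip())
        if not m:
            continue
        name = m.group("path").rsplit("\\", 1)[-1]
        exe, args = split_command(m.group("cmd"))
        reasons = []
        if GUID_NAME.match(name):
            reasons.append("GUID-named task, no vendor-readable name")
        if exe in LOADER_HOSTS:
            reasons.append(f"action is a script/DLL loader host ({exe})")
            if not args:
                reasons.append("loader host listed with no arguments; read the task XML")
        if exe in BROWSERS and re.search(r"https?://", args, re.I):
            reasons.append("browser launched to a fixed URL")
        if reasons:
            findings.append(Finding(name, exe, args, reasons))
    findings.sort(key=lambda f: -len(f.reasons))
    return findings


if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_TASKS):
        print(f"{f.name}\n  {f.exe} {f.args}".rstrip())
        for r in f.reasons:
            print(f"  - {r}")
```

A loader host listed with no arguments is not proof of anything on its own; the one-line listing simply does not show what the host was asked to load. The next step is to open the task definition itself under C:\Windows\System32\Tasks\<task name> (an XML file) and read its Command and Arguments elements, which is where the real payload reference lives for a task like this.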
This just showed up for the first time......      xmlka.com

 

mbam protection log

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.26.8, 2014.10.27.1,
Protection, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 12:08:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 12:08:56 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 12:08:56 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 12:08:57 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 12:08:58 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.45.67.219, 63606, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 10/27/2014 12:09:04 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 63607, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 10/27/2014 2:24:58 AM, SYSTEM, TERRY-PC, Manual, Start:10/27/2014 2:16:05 AM, Duration:8 min 52 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 10/27/2014 2:25:17 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 49195, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.1, 2014.10.27.2,
Protection, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 4:23:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 4:23:54 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 4:23:54 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 4:23:54 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 4:25:36 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 50570, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 7:13:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.2, 2014.10.27.3,
Protection, 10/27/2014 7:13:50 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 7:13:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 7:13:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 7:13:54 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 7:13:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 7:13:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 7:14:06 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 52542, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.3, 2014.10.27.4,
Protection, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 10:08:50 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 10:08:56 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 10:08:56 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 10:08:56 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 10:09:54 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 56333, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.4, 2014.10.27.5,
Protection, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 10:38:49 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 10:38:55 AM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 10:38:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 10:38:55 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 10:39:29 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 54115, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 10/27/2014 11:42:33 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.104.111.43, miljamarketing.com, 0, Outbound,
Update, 10/27/2014 12:53:49 PM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.5, 2014.10.27.6,
Protection, 10/27/2014 12:53:49 PM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 12:53:49 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 12:53:49 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 12:53:56 PM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 12:53:56 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 12:53:56 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 12:59:15 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 61021, Outbound, C:\Windows\SysWOW64\svchost.exe,
Protection, 10/27/2014 1:03:18 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Stopping,
Protection, 10/27/2014 1:03:18 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Stopped,
Protection, 10/27/2014 1:03:19 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 1:03:19 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 1:04:50 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Starting,
Protection, 10/27/2014 1:04:50 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Started,
Protection, 10/27/2014 1:04:51 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 1:04:51 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Protection, 10/27/2014 1:04:58 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Stopping,
Protection, 10/27/2014 1:04:58 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Stopped,
Protection, 10/27/2014 1:05:03 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 1:05:03 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 1:25:06 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Starting,
Protection, 10/27/2014 1:25:07 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Started,
Protection, 10/27/2014 1:25:07 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 1:25:26 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Update, 10/27/2014 1:48:51 PM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.6, 2014.10.27.7,
Protection, 10/27/2014 1:48:51 PM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 1:48:51 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 1:48:51 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 1:48:58 PM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 1:48:58 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 1:48:58 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 1:53:27 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.104.111.43, miljamarketing.com, 0, Outbound,
Detection, 10/27/2014 2:46:47 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 50273, Outbound, C:\Windows\SysWOW64\svchost.exe,
Protection, 10/27/2014 2:56:29 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Stopping,
Protection, 10/27/2014 2:56:29 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Stopped,
Protection, 10/27/2014 2:56:32 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 2:56:32 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Update, 10/27/2014 3:03:49 PM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.7, 2014.10.27.8,
Protection, 10/27/2014 3:03:49 PM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 3:03:55 PM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 4:01:51 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Starting,
Protection, 10/27/2014 4:01:51 PM, SYSTEM, TERRY-PC, Protection, Malware Protection, Started,
Protection, 10/27/2014 4:01:51 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 4:01:52 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 4:15:55 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 63979, Outbound, C:\Windows\SysWOW64\svchost.exe,
Update, 10/27/2014 4:18:50 PM, SYSTEM, TERRY-PC, Scheduler, Malware Database, 2014.10.27.8, 2014.10.27.9,
Protection, 10/27/2014 4:18:50 PM, SYSTEM, TERRY-PC, Protection, Refresh, Starting,
Protection, 10/27/2014 4:18:50 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/27/2014 4:18:51 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/27/2014 4:18:56 PM, SYSTEM, TERRY-PC, Protection, Refresh, Success,
Protection, 10/27/2014 4:18:56 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/27/2014 4:18:56 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, Started,
Detection, 10/27/2014 4:19:19 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 64498, Outbound, C:\Windows\SysWOW64\svchost.exe,
Scan, 10/27/2014 4:21:20 PM, SYSTEM, TERRY-PC, Manual, Start:10/27/2014 4:07:17 PM, Duration:14 min 2 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 10/27/2014 5:01:49 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.241.212, xmlka.com, 0, Outbound,

(end)

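The protection log above records the same 32-bit service host (C:\Windows\SysWOW64\svchost.exe) being blocked on its way out to a small set of addresses, across reboots and across two Threat Scans that each report 0 detections. The following is an added example, not part of the thread and not Malwarebytes code, that parses rows in this log format, groups outbound blocks by process and destination, and pulls out the indicator list. The sample rows are constructed from entries in the log above; the field layout after the "IP" marker is inferred from those entries and is an assumption, not a documented schema.

```python
import ipaddress
from datetime import datetime

# Constructed sample rows, copied in shape from the Malwarebytes protection log above.
# Every row ends with a comma, so the raw split would yield a trailing empty field.
SAMPLE_LOG = [
    r"Detection, 10/27/2014 12:08:58 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.45.67.219, 63606, Outbound, C:\Windows\SysWOW64\svchost.exe,",
    r"Detection, 10/27/2014 12:09:04 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 63607, Outbound, C:\Windows\SysWOW64\svchost.exe,",
    r"Scan, 10/27/2014 2:24:58 AM, SYSTEM, TERRY-PC, Manual, Start:10/27/2014 2:16:05 AM, Duration:8 min 52 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,",
    r"Detection, 10/27/2014 2:25:17 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.193.54, 49195, Outbound, C:\Windows\SysWOW64\svchost.exe,",
    r"Detection, 10/27/2014 11:42:33 AM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.104.111.43, miljamarketing.com, 0, Outbound,",
    r"Detection, 10/27/2014 4:19:19 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 64498, Outbound, C:\Windows\SysWOW64\svchost.exe,",
    r"Detection, 10/27/2014 5:01:49 PM, SYSTEM, TERRY-PC, Protection, Malicious Website Protection, IP, 88.214.241.212, xmlka.com, 0, Outbound,",
]

NO_PROCESS = "<no process recorded>"


def parse_detections(lines):
    """Yield one dict per 'Malicious Website Protection' detection row.

    Field layout after the 'IP' marker is inferred from the log (an assumption,
    not a documented schema); two shapes occur:
      <ip>, <port>, <direction>, <process>   connection block, owning process known
      <ip>, <domain>, 0, <direction>         domain block, no process recorded
    """
    for line in lines:
        fields = [f.strip() for f in line.strip().rstrip(",").split(",")]
        if len(fields) < 11 or fields[0] != "Detection" or fields[6] != "IP":
            continue
        when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M:%S %p")
        rest = fields[7:]
        if rest[1].isdigit():
            ip, port, direction, process, domain = rest[0], int(rest[1]), rest[2], rest[3], ""
        else:
            ip, domain, port, direction, process = rest[0], rest[1], int(rest[2]), rest[3], NO_PROCESS
        yield {"when": when, "ip": ip, "domain": domain, "port": port,
               "direction": direction, "process": process}


def summarize(lines):
    """Group outbound blocks by (process, destination ip) with counts, time span, ports, domains."""
    summary = {}
    for d in parse_detections(lines):
        if d["direction"] != "Outbound":
            continue
        s = summary.setdefault((d["process"], d["ip"]), {
            "count": 0, "first": d["when"], "last": d["when"], "ports": set(), "domains": set()})
        s["count"] += 1
        s["first"] = min(s["first"], d["when"])
        s["last"] = max(s["last"], d["when"])
        if d["port"]:
            s["ports"].add(d["port"])
        if d["domain"]:
            s["domains"].add(d["domain"])
    return summary


def wow64_svchost_destinations(summary):
    """Destination IPs that a 32-bit (SysWOW64) svchost.exe was blocked from reaching."""
    ips = {ip for (proc, ip) in summary if proc.lower().endswith(r"\syswow64\svchost.exe")}
    return sorted(ips, key=ipaddress.ip_address)


def indicators(summary):
    """All blocked destinations, ready to paste into a reply or a gateway blocklist."""
    ips = sorted({ip for (_, ip) in summary}, key=ipaddress.ip_address)
    domains = sorted(d for s in summary.values() for d in s["domains"])
    return {"ips": ips, "domains": domains}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (proc, ip), v in sorted(s.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{v['count']:>3}x  {ip:<16} {proc}  ports={sorted(v['ports'])} domains={sorted(v['domains'])}")
    print("WOW64 svchost destinations:", wow64_svchost_destinations(s))
    print("IOCs:", indicators(s))
```

Why the process path is the useful column: on 64-bit Windows the service groups that Windows itself runs are hosted by the 64-bit C:\Windows\System32\svchost.exe, so a C:\Windows\SysWOW64\svchost.exe that keeps initiating connections to blocked addresses is something to explain rather than wave off as "just a system process". The IP and domain lists the last function returns are what to hand to whoever is helping with the cleanup, and what to block at the router in the meantime.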

OK, let's see how does it look after those fixes.

 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Terry (administrator) on TERRY-PC on 28-10-2014 13:02:36
Running from C:\Users\Terry\Desktop
Loaded Profile: Terry (Available profiles: Terry & Mcx1)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dropbox, Inc.) C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [OpwareSE2] => C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM-x32\...\Run: [uVS11 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341232 2007-07-23] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695416 2009-06-11] (brother)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [iSUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [Amazon Music] => C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
HKU\S-1-5-21-227674338-2978312964-2044416110-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~2\AmazonExtIE64.dll => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~2\AmazonExtIE.dll => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\Terry\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\Terry\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Terry\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Invenda Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Terry\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-15]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Terry\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Terry\AppData\Roaming\Move Networks [2010-03-08]
FF Extension: No Name - moveplayer@movenetworks.com [Not Found]
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S2 gupdate1c9ee9e3e003430; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 License Management Service ESD; C:\Program Files (x86)\Common Files\element5 Shared\Service\Licence Manager ESD.exe [69120 2010-01-08] (element5) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 SBSDWSCService; F:\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 MSI_DVD_010507; C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 MSI_VGASYS_010507; C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys [14960 2010-05-10] () [File not signed]
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-02-24] (MediaMall Technologies, Inc.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2009-07-23] () [File not signed]
S3 UDXTTM6000; C:\Windows\System32\Drivers\UDXTTM6000.sys [366336 2008-03-02] ()
S3 UDXTTM6000HID; C:\Windows\System32\drivers\UDXTTM6000HID.sys [17920 2006-06-28] (DTV-DVB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 16:31 - 2014-10-27 16:31 - 00001060 _____ () C:\Users\Terry\Desktop\mbam.txt
2014-10-27 15:47 - 2014-10-27 15:47 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2014-10-27 15:19 - 2014-10-27 14:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-27 14:58 - 2014-10-27 15:43 - 00050330 _____ () C:\zoek-results.log
2014-10-27 14:57 - 2014-10-27 15:11 - 00000000 ____D () C:\zoek_backup
2014-10-27 14:55 - 2014-10-27 14:55 - 01290752 _____ () C:\Users\Terry\Desktop\zoek.exe
2014-10-27 13:21 - 2014-10-27 15:43 - 00000656 _____ () C:\Windows\PFRO.log
2014-10-27 13:11 - 2014-10-27 13:11 - 00001697 _____ () C:\Users\Terry\Desktop\JRT.txt
2014-10-27 13:06 - 2014-10-27 13:06 - 00000000 ____D () C:\Windows\ERUNT
2014-10-27 13:00 - 2014-10-27 13:00 - 01998336 _____ () C:\Users\Terry\Desktop\AdwCleaner.exe
2014-10-27 13:00 - 2014-10-27 13:00 - 01706144 _____ (Thisisu) C:\Users\Terry\Desktop\JRT.exe
2014-10-27 12:24 - 2014-10-27 12:27 - 00045521 _____ () C:\Users\Terry\Desktop\Addition.txt
2014-10-27 12:23 - 2014-10-28 13:02 - 00020815 _____ () C:\Users\Terry\Desktop\FRST.txt
2014-10-27 12:23 - 2014-10-27 12:23 - 02113024 _____ (Farbar) C:\Users\Terry\Desktop\FRST64.exe
2014-10-25 19:55 - 2014-10-25 19:55 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-25 19:51 - 2014-10-25 19:51 - 00003856 _____ () C:\Windows\System32\Tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A}
2014-10-25 19:51 - 2014-10-25 19:51 - 00000000 _____ () C:\Windows\system32\jqtqvi.dll
2014-10-24 15:46 - 2014-10-24 15:46 - 00001758 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-24 15:46 - 2014-10-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-24 15:46 - 2014-10-24 15:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-24 00:46 - 2014-10-24 00:47 - 00000990 _____ () C:\DelFix.txt
2014-10-24 00:43 - 2014-10-24 00:43 - 00000000 ___SD () C:\ComboFix
2014-10-23 16:18 - 2014-10-23 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 12:12 - 2014-10-23 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-22 16:28 - 2014-10-28 12:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 16:28 - 2014-10-22 16:28 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 16:28 - 2014-10-22 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 16:28 - 2014-10-22 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 16:28 - 2014-10-22 16:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 16:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 16:28 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 16:28 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 16:17 - 2014-10-28 12:56 - 00000000 ____D () C:\Users\Terry\AppData\Local\CrashDumps
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-21 11:49 - 2014-10-21 11:49 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2014-10-21 11:49 - 2014-10-21 11:49 - 00001004 _____ () C:\Users\Terry\Desktop\Adobe Photoshop 7.0.lnk
2014-10-20 00:27 - 2014-10-20 01:22 - 00000000 ____D () C:\Windows\erdnt
2014-10-19 14:49 - 2014-10-28 13:02 - 00000000 ____D () C:\FRST
2014-10-19 13:38 - 2014-10-27 13:19 - 00000000 ____D () C:\AdwCleaner
2014-10-19 11:12 - 2014-10-19 11:25 - 00000000 ____D () C:\NPE
2014-10-19 11:09 - 2014-10-19 11:50 - 00000000 ____D () C:\Users\Terry\AppData\Local\NPE
2014-10-19 11:09 - 2014-10-19 11:09 - 00000000 ____D () C:\ProgramData\Norton
2014-10-19 10:33 - 2014-10-19 10:33 - 00000732 _____ () C:\Users\Terry\AppData\Local\d3d9caps64.dat
2014-10-19 02:19 - 2014-10-19 02:19 - 00000000 ____D () C:\Users\Terry\Documents\ProcAlyzer Dumps
2014-10-19 02:03 - 2014-10-20 00:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-19 01:50 - 2014-10-27 15:44 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-16 03:18 - 2014-09-27 16:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:18 - 2014-09-16 23:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:18 - 2014-09-16 09:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:14 - 2014-06-15 15:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:14 - 2014-06-15 15:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:14 - 2014-06-13 11:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:14 - 2014-06-13 11:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:14 - 2014-06-13 10:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:14 - 2014-06-13 10:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:13 - 2014-09-04 16:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 22:55 - 2014-09-19 17:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 22:55 - 2014-09-19 16:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 22:55 - 2014-09-19 16:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 22:55 - 2014-09-19 16:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 22:55 - 2014-09-19 16:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 22:55 - 2014-09-19 16:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 22:55 - 2014-09-19 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 22:55 - 2014-09-19 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 22:55 - 2014-09-19 16:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 22:55 - 2014-09-19 16:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 22:55 - 2014-09-19 16:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 22:55 - 2014-09-19 16:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 22:55 - 2014-09-19 16:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 22:55 - 2014-09-19 16:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 22:55 - 2014-09-19 15:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 22:55 - 2014-09-19 15:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 22:55 - 2014-09-19 15:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 22:55 - 2014-09-19 15:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 22:55 - 2014-09-19 15:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 22:55 - 2014-09-19 15:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 22:55 - 2014-09-19 15:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 22:55 - 2014-09-19 15:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 22:55 - 2014-09-19 15:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 22:55 - 2014-09-19 15:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 22:55 - 2014-09-19 15:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 22:55 - 2014-09-19 15:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 22:55 - 2014-09-19 15:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 22:55 - 2014-09-19 15:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 12:59 - 2009-05-21 13:51 - 01888328 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 12:57 - 2014-09-01 22:02 - 00000000 ___RD () C:\Users\Terry\Dropbox
2014-10-28 12:57 - 2014-09-01 22:00 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Dropbox
2014-10-28 12:54 - 2009-06-30 01:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 12:54 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 12:54 - 2006-11-02 08:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 12:54 - 2006-11-02 08:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 12:53 - 2009-12-16 17:30 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-28 12:52 - 2006-11-02 08:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 12:51 - 2009-06-30 01:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 12:16 - 2011-10-29 12:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-28 12:15 - 2012-04-05 09:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 19:54 - 2014-09-01 23:43 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\KeePass
2014-10-27 15:11 - 2006-11-02 06:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-27 12:45 - 2009-05-21 19:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 09:53 - 2009-06-22 23:21 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Skype
2014-10-27 09:16 - 2014-04-15 09:56 - 00002413 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-25 17:54 - 2014-08-23 00:13 - 00000000 ____D () C:\Users\Terry\AppData\Local\Adobe
2014-10-24 17:23 - 2009-07-16 21:17 - 00000000 ____D () C:\Windows\Minidump
2014-10-24 17:22 - 2011-01-08 00:00 - 00000858 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 17:22 - 2010-04-08 17:28 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-10-24 15:46 - 2009-06-03 12:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-24 01:48 - 2006-11-02 05:34 - 00000180 _____ () C:\Windows\win.ini
2014-10-24 00:52 - 2012-05-11 08:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 23:58 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 12:12 - 2009-06-22 23:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-23 12:12 - 2009-06-22 23:21 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 14:01 - 2009-09-16 16:21 - 00000000 ____D () C:\TEMP
2014-10-22 14:00 - 2009-06-23 11:23 - 00002275 _____ () C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
2014-10-22 14:00 - 2009-06-23 11:17 - 00000000 ____D () C:\Users\Terry\Documents\My PSP Files
2014-10-22 13:36 - 2006-11-02 08:21 - 00404736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 16:11 - 2009-06-04 12:23 - 00001688 _____ () C:\Users\Public\Desktop\Hoyle Card Games 2003.lnk
2014-10-21 00:46 - 2009-06-30 01:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 00:46 - 2009-06-30 01:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 15:48 - 2010-02-09 16:48 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-10-20 15:04 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 01:23 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2014-10-20 01:20 - 2009-06-02 17:22 - 00000000 ____D () C:\Users\Terry
2014-10-20 00:01 - 2009-12-11 10:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-16 03:13 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2006-11-02 05:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-04 09:58 - 2014-06-12 00:00 - 00001582 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2014-10-04 09:58 - 2014-06-12 00:00 - 00000927 _____ () C:\Users\Terry\Desktop\Amazon Music.lnk
2014-10-02 15:53 - 2009-10-02 14:07 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphyla6n.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 13:01

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Terry at 2014-10-28 13:03:20
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

001 Joiner and Splitter Pro (HKLM-x32\...\001 Joiner and Splitter Pro2.0) (Version: 2.0 - Welltek Software)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 4.5 (HKLM-x32\...\{C0BBE46D-5318-485A-8564-D8FA5576ECD4}) (Version:  - ArcSoft)
ArcSoft PhotoBase 4.5 (Shared Components) (HKLM-x32\...\Uninstaller_B27C5000_ArcSoft PhotoBase 4.5) (Version: 2.60.30 - element5)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}) (Version:  - ArcSoft)
Astronomy 2005 Screensaver (HKLM-x32\...\Astronomy 2005 Screensaver) (Version:  - )
ATI AVIVO64 Codecs (Version: 10.10.0.40914 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2170W (HKLM-x32\...\{689BA753-2D23-470F-8014-B1EC8D61EE95}) (Version: 1.00 - Brother)
CameraHelperMsi (x32 Version: 13.25.1010.0 - Logitech) Hidden
Canon ScanGear Starter (HKLM-x32\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CarbonPoker (HKCU\...\CarbonPoker) (Version: 5.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel AfterShot Pro (HKLM-x32\...\AfterShot Pro) (Version: 1.2.0.7 - Corel Corporation)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DigitalTV (HKLM-x32\...\{C19DBE5E-712E-4F02-8380-ECEDD951B374}) (Version: 2.64 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
H&R Block California 2010 (HKLM-x32\...\{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}) (Version: 1.10.4801 - HRB Technology, LLC.)
H&R Block California 2011 (HKLM-x32\...\{10894714-E82E-4371-9CF7-F58E352C76EA}) (Version: 1.11.5001 - HRB Technology, LLC.)
H&R Block California 2012 (HKLM-x32\...\{E040F1EC-82A9-4950-AAFE-55762AB59590}) (Version: 1.12.7501 - HRB Technology, LLC.)
H&R Block California 2013 (HKLM-x32\...\{FA9B4B45-B7F0-47A4-894B-19BBF8829FE2}) (Version: 1.13.6701 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2010 (HKLM-x32\...\{10964A8F-21C1-45EA-BC2D-F84B505C3848}) (Version: 10.04.6402 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.6901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7801 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
Hoyle Card Games 2003 (HKLM-x32\...\InstallShield_{9ABA26E1-843A-4A72-95AF-C72474E191F6}) (Version: 1.0.0.0 - Sierra)
Hoyle Card Games 2003 (x32 Version: 1.0.0.0 - Sierra) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Network Connections 13.1.33.0 (HKLM\...\PROSetDX) (Version: 13.1.33.0 - Intel)
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0 - Intel) Hidden
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.109 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0-B6.109 - InterVideo Inc.) Hidden
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.01.0000 - Jasc Software Inc)
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Manual CanoScan LiDE 500F (HKLM-x32\...\{B9C54C44-BB5A-4B03-8907-C01A9790195A}) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version:  - )
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.15 - Nikon)
QuickBooks Pro (HKLM-x32\...\QuickBooks Pro) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5783 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SD Viewer for DSC (HKLM-x32\...\{5A8D3524-79DB-11D5-99D1-00010256D40E}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.4 (HKLM\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.2 - Nikon)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks Pro\qbw32.exe (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-227674338-2978312964-2044416110-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-10-2014 07:42:00 Scheduled Checkpoint
03-10-2014 06:52:06 Scheduled Checkpoint
04-10-2014 07:31:36 Scheduled Checkpoint
05-10-2014 07:00:00 Scheduled Checkpoint
06-10-2014 07:17:43 Scheduled Checkpoint
09-10-2014 19:11:35 Scheduled Checkpoint
10-10-2014 07:54:05 Scheduled Checkpoint
11-10-2014 08:20:32 Scheduled Checkpoint
12-10-2014 07:32:45 Scheduled Checkpoint
13-10-2014 03:49:42 Scheduled Checkpoint
14-10-2014 07:00:01 Scheduled Checkpoint
15-10-2014 07:54:27 Scheduled Checkpoint
16-10-2014 07:00:02 Scheduled Checkpoint
16-10-2014 10:00:16 Windows Update
17-10-2014 07:55:10 Scheduled Checkpoint
17-10-2014 21:13:30 Scheduled Checkpoint
19-10-2014 18:39:30 Norton_Power_Eraser_20141019113930010
21-10-2014 03:49:19 Scheduled Checkpoint
21-10-2014 22:20:51 Scheduled Checkpoint
23-10-2014 02:08:51 Scheduled Checkpoint
23-10-2014 17:59:24 Scheduled Checkpoint
24-10-2014 08:26:19 Windows Update
24-10-2014 18:13:35 Installed Java 7 Update 71
25-10-2014 07:00:01 Scheduled Checkpoint
26-10-2014 07:00:02 Scheduled Checkpoint
27-10-2014 07:55:17 Scheduled Checkpoint
27-10-2014 19:44:45 Removed Java 7 Update 71
27-10-2014 21:58:57 zoek.exe restore point
28-10-2014 07:47:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2014-10-20 01:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04BAE03B-AD15-4A16-A8C6-56B6C0616671} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Terry => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
Task: {059095CE-546D-42FA-BFB7-E33EEA86785D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1FA0A7B4-ED60-4DD0-A86B-5B580DC734EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {25F37DCF-758A-4D40-8AD5-541C7606A708} - System32\Tasks\{3B5C56C1-C525-4A88-BC88-61EE6267BF86} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {33E3A743-D36C-4DF9-ADF2-C23F213D301D} - System32\Tasks\{AE5D3469-07BF-4E7B-928B-3BF5CB113809} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {4221026F-393B-4E5D-A8EC-D65747B252B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {4A15123C-E76F-4D82-B937-7D5243C98D4F} - System32\Tasks\{FE0E2BBA-4C80-4767-89A4-E9ACD7EC1BD1} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {6663F415-D2F8-44BB-895F-3767650B3BA3} - System32\Tasks\{3D2BD65F-DB2E-44BF-B7D4-B095FB17512A} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {73BE57F4-69BB-4A26-8063-8C62FDCE9650} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {74E73ABB-3C2E-4E70-81BE-A96408803B53} - System32\Tasks\{601D9548-9905-4246-9B31-F26759BF3791} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {7A74FA86-3C66-4D14-9015-F48ED6785C2E} - System32\Tasks\{6842AD54-94B6-4A61-9BE5-784DA11F3505} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7D7FBBF4-4AD3-4CAC-AE0E-2A537530C66F} - System32\Tasks\{D196BA7A-04DD-48D5-9D85-E077ABA37980} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {804C1006-05E5-424D-880B-938CDC97893F} - System32\Tasks\{3C2470AF-5CE7-3D2D-2C5B-9A6E35516A1A} => C:\Windows\system32\yxqjk.dll/s "C:\Windows\system32\yxqjk.dll"
Task: {8A678B8E-11EB-4BD0-B154-4AC383C77F85} - System32\Tasks\{4E509FBC-8D20-48B3-BC84-70CD1F5B8430} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {8DF75516-4B1E-4AAE-9DD9-82CA55732D7F} - System32\Tasks\Amazon Music Helper => C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-09-05] ()
Task: {91FF7E33-391D-4CD3-93EF-C90A2141CF12} - System32\Tasks\{794A5A98-576A-4AC6-B2F6-7A6AEBBE1CFB} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {936FDF1A-F2F1-4178-B434-D50A40DDA843} - System32\Tasks\{6E98BF58-8743-49B2-B308-4DE4611C776C} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {996EB13C-36C5-4711-911C-BA20B30DF07A} - System32\Tasks\{59E7C911-55A9-4C3E-B8D2-17DF1B71CBD7} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {9C62F2EB-3709-4238-9408-83463879928F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9C639299-8693-461C-9CB2-45D1A0FF2D8A} - System32\Tasks\{E503D6A6-1A96-49AB-A045-19E3A4F5DC74} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {C4CF95F9-568A-4311-81F4-7DF6A379CA76} - System32\Tasks\{DB0D0ADC-9968-4EAE-986D-62664CE01A59} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {CA62A84B-F5D8-494B-9526-C9C18D45A06A} - System32\Tasks\{945D3406-F7FA-4D61-96AA-8B434EE19EAD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {DE5F040D-02BF-482C-936F-ADD968366CF5} - System32\Tasks\{DF5DE0A7-5C1B-4991-B5D0-CC2F00C6A55C} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {E09DB6C2-0533-4D35-8229-FBAC11C2A77D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE12B1A3-7823-4EC6-9089-AA4CC209033D} - System32\Tasks\{05E3AA6F-390E-4F95-B09F-B23A7A691C38} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {F6E17BA7-1D87-482D-B956-B9A9E9F2366C} - System32\Tasks\{23020DA5-E10F-49C1-9AE8-B4E2F5F23E7F} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {F83E7E02-FA8B-4B8D-9506-4010AD28F308} - System32\Tasks\{BEB37EE1-93B4-4734-8BA9-884601E030FD} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 14:47 - 2013-10-31 14:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-04-20 01:21 - 2013-03-28 18:07 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2014-06-11 23:59 - 2014-09-05 17:54 - 06281536 _____ () C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-10-28 12:56 - 2014-10-28 12:56 - 00043008 _____ () c:\users\terry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphyla6n.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
2007-02-05 17:34 - 2007-02-05 17:34 - 00116248 _____ () C:\Program Files (x86)\Common Files\InterVideo\Common\Bin\MpgTsRdr.ax

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

========================= Accounts: ==========================

Administrator (S-1-5-21-227674338-2978312964-2044416110-500 - Administrator - Disabled)
Guest (S-1-5-21-227674338-2978312964-2044416110-501 - Limited - Disabled)
Mcx1 (S-1-5-21-227674338-2978312964-2044416110-1006 - Administrator - Enabled) => C:\Users\Mcx1
Terry (S-1-5-21-227674338-2978312964-2044416110-1000 - Administrator - Enabled) => C:\Users\Terry

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 00:58:43 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (10/28/2014 00:56:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 00:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module kernel32.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000142, fault offset 0x0006f52f,
process id 0xe4c, application start time 0xmbam.exe0.

Error: (10/28/2014 00:47:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x535bd814, exception code 0xc0000005, fault offset 0x72b374b2,
process id 0x4828, application start time 0xmbam.exe0.

Error: (10/27/2014 07:53:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\48929E005E4E21C666CDF7CB9517DCBB1B7C1DF0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 07:53:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\48929E005E4E21C666CDF7CB9517DCBB1B7C1DF0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (10/28/2014 00:59:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Restart the service

Error: (10/28/2014 00:57:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
StarOpen

Error: (10/28/2014 00:57:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SBSD Security Center Service%%3

Error: (10/28/2014 00:54:08 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Brother HL-2170W series with shared resource name Brother HL-2170W series. Error 2114. The printer cannot be used by others on the network.

Error: (10/28/2014 00:54:08 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon Inkjet PIXMA iP5000 with shared resource name Canon Inkjet PIXMA iP5000. Error 2114. The printer cannot be used by others on the network.

Error: (10/28/2014 00:53:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/27/2014 03:44:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
StarOpen

Error: (10/27/2014 03:44:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SBSD Security Center Service%%3

Error: (10/27/2014 03:43:23 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Brother HL-2170W series with shared resource name Brother HL-2170W series. Error 2114. The printer cannot be used by others on the network.

Error: (10/27/2014 03:43:23 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon Inkjet PIXMA iP5000 with shared resource name Canon Inkjet PIXMA iP5000. Error 2114. The printer cannot be used by others on the network.


Microsoft Office Sessions:
=========================
Error: (10/28/2014 00:58:43 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (10/28/2014 00:56:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 00:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53eckernel32.dll6.0.6002.1888151da3e00c00001420006f52fe4c01cff2e91ace4b9d

Error: (10/28/2014 00:47:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecgdiplus.dll_unloaded0.0.0.0535bd814c000000572b374b2482801cff243c58a935a

Error: (10/27/2014 07:53:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\48929E005E4E21C666CDF7CB9517DCBB1B7C1DF0

Error: (10/27/2014 07:53:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\48929E005E4E21C666CDF7CB9517DCBB1B7C1DF0

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1

Error: (10/27/2014 06:11:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HZI3CJGP.DEFAULT\CACHE2\ENTRIES\A4F72B91A46697E2A2B407CE3867E27A461C74F1


CodeIntegrity Errors:
===================================
  Date: 2014-10-28 13:02:43.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 13:02:42.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 13:02:42.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 13:02:42.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 12:57:10.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 10:43:06.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 10:43:06.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 10:43:06.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 10:43:06.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 10:43:00.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 22%
Total physical RAM: 12278.26 MB
Available physical RAM: 9476.96 MB
Total Pagefile: 24481.55 MB
Available Pagefile: 21886.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.1 GB) (Free:378.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.53 GB) NTFS
Drive k: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1792.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================

AVG snagged this just before I ran Farbar. Malwarebytes is unstable too and closes. I got stuff embedded. No obvious reasons to be infected.


Something is totally not right here. I am cleaning and new threads are arriving.
I need to grab some deeper scans.



Scan with Gmer

This type of scan often produces false positives. At no point should you take any action on suspicious entries you may see there. Instead, post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check the Quick scan box.
  • Please uncheck IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.



Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


Malwarebytes has not seen any outgoing since AVG deleted those trojan files. It's been almost 24 hours.


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-29 11:17:20
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-75A7B2 rev.01.03B01 596.17GB
Running: oh1uy8jt.exe; Driver: C:\Users\Terry\AppData\Local\Temp\kgloipob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                            suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                            suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                            suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                            suspicious modification

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\SearchIndexer.exe [3416:4688]                                                                                                                                                                                                           000007fef1cb39f0
---- Processes - GMER 2.1 ----

Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2228] (Microsoft OneDrive Shell Extension/Microsoft Corporation)(2014-09-01 16:44:15)                            000007fefa1b0000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\MSVCP110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2228] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-09-01 16:44:18)                                         000007fef9970000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\MSVCR110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2228] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-09-01 16:44:15)                                         000007fef98a0000
Library   C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2228] (Dropbox Shell Extension/Dropbox, Inc.)(2014-06-24 21:08:00)                                                                           000007fef9870000
Process   C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe (*** suspicious ***) @ C:\Users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [2796](2014-06-12 06:59:55)                                                                      00000000010b0000
Process   C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe [3012] (Dropbox/Dropbox, Inc.)(2014-09-13 00:52:04)                                                                    0000000000400000
Library   C:\Users\Terry\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe [3012](2014-09-13 00:20:58)                                                                                       00000000041f0000
Library   c:\users\terry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjdcrgs.dll (*** suspicious ***) @ C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe [3012](2014-10-29 17:00:56)                                         00000000040e0000
Library   C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe [3012](2013-08-23 19:01:44)                                                                                             000000006b1b0000
Library   C:\Users\Terry\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe [3012] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                                                               0000000067510000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5720] (Microsoft OneDrive Shell Extension/Microsoft Corporation)(2014-09-01 16:44:16)  00000000737c0000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\MSVCP110.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5720] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-09-01 16:44:15)             0000000072940000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\MSVCR110.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5720] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-09-01 16:44:15)             000000006ecb0000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\Telemetry.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5720] (Telemetry Library/Microsoft Corporation)(2014-09-01 16:44:15)                       000000006f620000
Library   C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\logging.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5720] (Logging Library/Microsoft Corporation)(2014-09-01 16:44:15)                           0000000074cc0000
Library   C:\Users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5720] (Dropbox Shell Extension/Dropbox, Inc.)(2014-06-24 21:08:00)                                           0000000072910000

---- EOF - GMER 2.1 ----

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Terry [Administrator]
Mode : Scan -- Date : 10/29/2014  14:22:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 33 ¤¤¤
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A442\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A442\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A442\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A442\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A442\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A442\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-227674338-2978312964-2044416110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\1394BUS.SYS)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] hzi3cjgp.default : user_pref("browser.startup.homepage", "http://my.yahoo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 62f6257a2c405e3bf5d5eba7b156ba49
[bSP] 8abefccd33de0d42deccd99166f8f0d0 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 15360 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31602688 | Size: 595048 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Expansion Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: TEAC USB   HS-CF Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: TEAC USB   HS-xD/SM USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: TEAC USB   HS-MS Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: TEAC USB   HS-SD Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 


Hi :)



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


ComboFix 14-10-29.01 - Terry 10/30/2014  12:09:47.1.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.12278.8689 [GMT -7:00]
Running from: c:\users\Terry\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-30  )))))))))))))))))))))))))))))))
.
.
2014-10-30 09:07 . 2014-10-30 09:07    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A011F925-34A0-4F0A-9E94-4EC79B7684DB}\offreg.dll
2014-10-30 00:17 . 2014-10-20 10:37    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A011F925-34A0-4F0A-9E94-4EC79B7684DB}\mpengine.dll
2014-10-29 18:20 . 2014-10-29 21:18    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-29 18:20 . 2014-10-29 18:20    --------    d-----w-    c:\programdata\RogueKiller
2014-10-27 22:47 . 2014-10-27 22:47    --------    d-sh--w-    c:\windows\SysWow64\%APPDATA%
2014-10-27 22:19 . 2014-10-27 21:56    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-10-27 21:57 . 2014-10-27 22:11    --------    d-----w-    C:\zoek_backup
2014-10-27 20:06 . 2014-10-27 20:06    --------    d-----w-    c:\windows\ERUNT
2014-10-26 02:51 . 2014-10-26 02:51    0    ----a-w-    c:\windows\system32\jqtqvi.dll
2014-10-24 22:46 . 2014-10-24 22:46    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-24 22:46 . 2014-10-24 22:46    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-24 22:46 . 2014-10-24 22:46    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-24 22:46 . 2014-10-24 22:46    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-24 22:46 . 2014-10-24 22:46    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-10-24 22:46 . 2014-10-24 22:46    --------    d-----w-    c:\program files (x86)\QuickTime
2014-10-23 19:12 . 2014-10-23 19:12    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-22 23:28 . 2014-10-30 16:38    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-22 23:28 . 2014-10-22 23:28    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-22 23:28 . 2014-10-22 23:28    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-22 23:28 . 2014-10-01 18:11    64216    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-22 23:28 . 2014-10-01 18:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-22 23:28 . 2014-10-01 18:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-22 23:17 . 2014-10-29 21:28    --------    d-----w-    c:\users\Terry\AppData\Local\CrashDumps
2014-10-22 21:18 . 2014-10-22 21:18    --------    d-----w-    c:\program files (x86)\ESET
2014-10-19 21:49 . 2014-10-28 20:06    --------    d-----w-    C:\FRST
2014-10-19 20:38 . 2014-10-27 20:19    --------    d-----w-    C:\AdwCleaner
2014-10-19 18:12 . 2014-10-19 18:25    --------    d-----w-    C:\NPE
2014-10-19 18:09 . 2014-10-19 18:50    --------    d-----w-    c:\users\Terry\AppData\Local\NPE
2014-10-19 18:09 . 2014-10-19 18:09    --------    d-----w-    c:\programdata\Norton
2014-10-19 09:03 . 2014-10-20 07:04    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-10-16 10:18 . 2014-09-17 06:57    76800    ----a-w-    c:\windows\system32\packager.dll
2014-10-16 10:18 . 2014-09-16 16:56    66560    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-16 10:18 . 2014-09-27 23:41    2782208    ----a-w-    c:\windows\system32\win32k.sys
2014-10-16 10:14 . 2014-06-15 22:18    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2014-10-16 10:14 . 2014-06-15 22:18    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2014-10-16 10:14 . 2014-06-13 18:22    81560    ----a-w-    c:\windows\SysWow64\mscories.dll
2014-10-16 10:14 . 2014-06-13 18:22    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll
2014-10-16 10:14 . 2014-06-13 17:36    73880    ----a-w-    c:\windows\system32\mscories.dll
2014-10-16 10:14 . 2014-06-13 17:36    156312    ----a-w-    c:\windows\system32\mscorier.dll
2014-10-16 10:13 . 2014-09-04 23:38    198656    ----a-w-    c:\windows\system32\drivers\fastfat.sys
2014-10-02 21:23 . 2014-10-02 21:23    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 21:23 . 2014-10-02 21:23    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 10:00 . 2006-11-02 12:35    103265616    ----a-w-    c:\windows\system32\mrt.exe
2014-10-02 22:53 . 2009-10-02 21:07    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-24 17:15 . 2012-04-05 16:05    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 17:15 . 2011-05-20 05:10    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 06:40 . 2014-09-24 07:18    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 06:24 . 2014-09-24 07:18    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-23 01:05 . 2014-08-28 10:00    304128    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-28 10:00    390144    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-06 17:50 . 2014-08-06 17:50    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-01 16:44    233128    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-01 16:44    233128    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-01 16:44    233128    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Amazon Music"="c:\users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"UVS11 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-06-11 3695416]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-3 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~2\AmazonExtIE.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - TrueSight
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{981b174d-7733-4e7f-b89d-6545a7c21838}]
2014-05-23 21:45    189952    ----a-w-    c:\program files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:15]
.
2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-16 07:46]
.
2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-16 07:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-01 16:44    260776    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-01 16:44    260776    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-01 16:44    260776    ----a-w-    c:\users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_3\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-24 6975520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~2\AmazonExtIE64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3cjgp.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - ExtSQL: !HIDDEN! 2009-06-25 03:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AfterShot Pro - f:\corel\Corel AfterShot Pro\uninstall.exe
AddRemove-Astronomy 2005 Screensaver - c:\program files (x86)\Edible Entertainment
AddRemove-Picasa 3 - f:\google\Picasa3\Uninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - f:\spybot - search & destroy\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-10-30  12:26:52
ComboFix-quarantined-files.txt  2014-10-30 19:26
.
Pre-Run: 405,912,723,456 bytes free
Post-Run: 405,884,960,768 bytes free
.
- - End Of File - - 898A33BB0A4403EB9E74E8C057D3BB71
5C616939100B85E558DA92B899A0FC36
 

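An added example, not part of this thread and not code from ComboFix's author: a small Python triage script for the "Reg Loading Points" section of a ComboFix log like the one posted above. It parses the Run-key entries, the UAC policy values, AppInit_DLLs and BootExecute, and flags the items an analyst checks first: UAC switched off (EnableLUA = 0), DLLs that get loaded into every user32-linked process via AppInit_DLLs when LoadAppInit_DLLs = 1, BootExecute entries beyond the default "autocheck autochk *", and autostarts that launch from user-writable directories. The sample input is an excerpt of the log above; the rule names and the list of user-writable markers are my assumptions, and a hit is a prompt to review, not a malware verdict (the sdnclean64.exe entry, for instance, has to be matched against the security products installed on this machine before anyone calls it suspicious).

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example; the sample below is an excerpt of the ComboFix log posted
in this thread.  Rule names and thresholds are assumptions made here.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"Amazon Music"="c:\users\Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~2\AmazonExtIE.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
"""

DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Directories a standard user can write to (assumed list). An autostart
# pointing there deserves a look; it may still be legitimate (Dropbox etc.).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*?)\s*$')
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<val>.*?)\s*$")


@dataclass(frozen=True)
class RunEntry:
    key: str
    name: str
    path: str
    size: int


def _int_value(raw):
    """ComboFix prints DWORDs as '0 (0x0)'; take the leading decimal."""
    m = re.match(r"\s*(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_loading_points(text):
    """Walk the section line by line, remembering the current [key] header."""
    key = ""
    run_entries, values, bootexec = [], {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # ComboFix separates blocks with '.'
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = BOOTEXEC_RE.match(line)
        if m:                                 # REG_MULTI_SZ is printed with literal \0 separators
            bootexec = [p for p in m.group("val").split("\\0") if p]
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith("\\run"):
            run_entries.append(RunEntry(key, m.group("name"), m.group("path"), int(m.group("size"))))
            continue
        m = VALUE_RE.match(line)
        if m:
            values[(key.lower(), m.group("name").lower())] = m.group("val")
    return run_entries, values, bootexec


def triage(text):
    """Return the parsed autostarts plus the review flags described above."""
    run_entries, values, bootexec = parse_loading_points(text)
    by_name = lambda wanted: [v for (_k, n), v in values.items() if n == wanted]

    findings = {"run_entries": run_entries}
    # UAC off: every process of an admin user already runs fully elevated.
    findings["uac_disabled"] = any(_int_value(v) == 0 for v in by_name("enablelua"))
    # AppInit_DLLs only matter when LoadAppInit_DLLs is 1; entries are space/comma separated.
    active = any(_int_value(v) == 1 for v in by_name("loadappinit_dlls"))
    findings["appinit_dlls"] = (
        [d for v in by_name("appinit_dlls") for d in re.split(r"[,\s]+", v) if d] if active else []
    )
    # Anything in BootExecute beyond the stock autochk runs before the shell and most AV.
    findings["bootexecute_extra"] = [e for e in bootexec if e != DEFAULT_BOOTEXECUTE]
    findings["run_user_writable"] = [
        e for e in run_entries if any(mk in e.path.lower() for mk in USER_WRITABLE_MARKERS)
    ]
    return findings


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```

To use it on a real log, read C:\ComboFix.txt and pass its contents to triage() instead of SAMPLE_LOG; the parser ignores the other sections because they contain no [key] headers in this shape.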

OK, let's clean my mess.




Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


# DelFix v10.8 - Logfile created 31/10/2014 at 13:14:35
# Updated 29/07/2014 by Xplode
# Username : Terry - TERRY-PC
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Terry\Desktop\Addition.txt
Deleted : C:\Users\Terry\Desktop\AdwCleaner.exe
Deleted : C:\Users\Terry\Desktop\ComboFix.exe
Deleted : C:\Users\Terry\Desktop\FRST.txt
Deleted : C:\Users\Terry\Desktop\FRST64.exe
Deleted : C:\Users\Terry\Desktop\JRT.exe
Deleted : C:\Users\Terry\Desktop\JRT.txt
Deleted : C:\Users\Terry\Desktop\RKreport_SCN_10292014_142259.log
Deleted : C:\Users\Terry\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Terry\Desktop\zoek.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


You are ready to go :)

Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.

Recommended reading:

MUST READ - security tips: Computer Security - a short guide to staying safer online.

MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.

Malwarebytes' Anti-Exploit - to protect against many commonly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

CryptoPrevent - to protect yourself from the very severe CryptoLocker infection.

Unchecky - to prevent the installation of additional foistware bundled with legitimate installers.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.

All donations are to refund a new HDD to replace the old one, which recently passed away!

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.


Stay safe,

Naat :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.