Help with multiple dllhost.exe (COM Surrogate) malware


Hello Geordie, welcome to Malwarebytes' Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.

General P2P/Piracy Notice:

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the Follow button at the top of the page.

======================================================

Due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.

Hi Geordie,

Please work your way through the following.

STEP 1
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ComboFix.txt
  • TDSSKiller log (attached)
  • FRST.txt
  • Addition.txt
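The ComboFix results posted further down in this thread report the COM class {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (the Thumbnail Cache class hosted by dllhost.exe, the COM Surrogate in the thread title) as "infected with Poweliks and removed", and tell the user to verify that the current CLSID data is correct. The script below is an added example, not ComboFix output and not part of the thread: it compares that CLSID against the clean values ComboFix prints in the log and reports any difference. The expected values are taken from the log; the extra check for a per-user (HKCU) copy of the same CLSID is a general COM-hijack review heuristic of my own and is labelled as such in the code. It assumes a 64-bit Windows 7 machine like the one in the thread and an elevated PowerShell prompt.

```powershell
# Added example; not ComboFix output and not part of the thread.
# Verifies the CLSID that ComboFix reported as "infected with Poweliks and
# removed" against the default values quoted in the ComboFix log.
# Run from an elevated PowerShell prompt. Written for PowerShell 2.0 (Windows 7).

$Clsid = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'

# Expected data, taken from the "You should verify if current CLSID data is
# correct" block of the ComboFix log. Get-ItemProperty expands REG_EXPAND_SZ,
# so the DLL path is compared in expanded form; -ne is case-insensitive.
$Expected = @(
    @{ SubKey = '';                Name = '(default)';      Value = 'Thumbnail Cache Class Factory for Out of Proc Server' },
    @{ SubKey = '';                Name = 'AppID';          Value = $Clsid },
    @{ SubKey = '\InprocServer32'; Name = '(default)';      Value = "$env:SystemRoot\system32\thumbcache.dll" },
    @{ SubKey = '\InprocServer32'; Name = 'ThreadingModel'; Value = 'Apartment' }
)

function Test-ClsidRegistration {
    # Returns a list of findings; an empty list means the key matches the log's clean values.
    param([string]$Hive)    # 'HKLM' or 'HKCU'

    $base = "${Hive}:\Software\Classes\CLSID\$Clsid"
    $findings = @()

    if (-not (Test-Path -Path $base)) {
        # The machine-wide registration must exist; a per-user one is not expected.
        if ($Hive -eq 'HKLM') { $findings += "$base is missing" }
        return $findings
    }
    if ($Hive -eq 'HKCU') {
        # Assumption (general COM-hijack heuristic, not stated in the thread): a per-user
        # copy of a system CLSID shadows the HKLM registration and deserves review.
        $findings += "$base exists: per-user override of a system CLSID"
    }

    foreach ($e in $Expected) {
        $key = $base + $e.SubKey
        if (-not (Test-Path -Path $key)) { $findings += "$key is missing"; continue }
        $actual = (Get-ItemProperty -Path $key).($e.Name)
        if ($actual -ne $e.Value) {
            $findings += "$key [$($e.Name)] is '$actual', expected '$($e.Value)'"
        }
    }

    # Values the clean key does not carry: the log lists only (default) and AppID.
    $extra = (Get-Item -Path $base).GetValueNames() | Where-Object { @('', 'AppID') -notcontains $_ }
    if ($extra) { $findings += "$base carries unexpected values: $($extra -join ', ')" }

    # Subkeys the clean key does not carry: the log shows only InprocServer32.
    $subKeys = (Get-Item -Path $base).GetSubKeyNames() | Where-Object { $_ -ne 'InprocServer32' }
    if ($subKeys) { $findings += "$base carries unexpected subkeys: $($subKeys -join ', ')" }

    return $findings
}

# Check both hives; HKCR is a merged view of the two, and a HKCU entry wins.
$all = @()
foreach ($hive in 'HKLM', 'HKCU') { $all += @(Test-ClsidRegistration -Hive $hive) }

if ($all.Count -eq 0) { 'CLSID data matches the values listed in the ComboFix log.' }
else { $all | ForEach-Object { "FINDING: $_" } }
```

The script only reads the registry and prints findings; it changes nothing, so it is safe to run before and after a cleanup to confirm that the CLSID data ComboFix restored is still in place.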

***********************

* Results of ComboFix *

***********************

 

ComboFix 14-10-29.01 - Geordie 10/29/2014   6:05.1.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16334.12609 [GMT -4:00]

Running from: c:\users\Geordie\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Geordie\AppData\Local\assembly\tmp

c:\windows\msdownld.tmp

.

.

CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.

You should verify if current CLSID data is correct: 

.

HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server

    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

.

HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32

    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll

    ThreadingModel    REG_SZ    Apartment

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-29  )))))))))))))))))))))))))))))))

.

.

2014-10-29 11:08 . 2014-10-29 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-29 09:58 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE2D3653-842A-4077-893F-358BC4B35019}\mpengine.dll

2014-10-29 09:04 . 2014-10-29 09:04 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2014-10-29 00:17 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-10-28 11:11 . 2014-10-28 11:12 -------- d-----w- C:\FRST

2014-10-27 10:47 . 2014-10-28 22:45 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-27 10:46 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-27 10:46 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-27 10:46 . 2014-10-01 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-10-27 10:46 . 2014-10-27 10:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-27 10:46 . 2014-10-27 10:46 -------- d-----w- c:\programdata\Malwarebytes

2014-10-19 15:02 . 2014-10-19 15:02 -------- d-----w- c:\programdata\PuzzlesByJoe

2014-10-18 12:24 . 2014-10-18 12:24 -------- d-----w- c:\program files (x86)\Clutter IV - Minigame Madness Tour

2014-10-15 05:04 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll

2014-10-15 05:03 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll

2014-10-05 14:19 . 2014-10-05 14:19 -------- d-----w- c:\users\Geordie\AppData\Local\Robot Entertainment

2014-10-01 12:02 . 2014-09-17 14:06 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{548593B9-9605-4B17-8FA4-DE39BEFDBC05}\gapaengine.dll

2014-10-01 01:14 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-10-01 01:14 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-26 21:33 . 2012-09-10 17:14 103265616 ----a-w- c:\windows\system32\MRT.exe

2014-10-04 19:18 . 2014-09-14 12:03 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2014-10-04 16:13 . 2014-09-14 11:55 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2014-09-24 10:14 . 2012-09-11 13:56 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-24 10:14 . 2012-09-11 13:56 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-22 06:42 . 2012-09-10 16:27 278152 ------w- c:\windows\system32\MpSigStub.exe

2014-09-17 14:06 . 2012-10-17 21:17 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-09-09 22:11 . 2014-09-24 10:50 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-09 21:47 . 2014-09-24 10:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-08-23 02:07 . 2014-08-28 00:57 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 00:57 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-15 10:23 . 2013-03-26 10:45 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2014-08-15 10:23 . 2013-03-26 10:45 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2014-08-15 10:23 . 2013-03-26 10:45 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2014-08-15 10:23 . 2013-03-26 10:45 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2014-08-01 11:53 . 2014-09-10 00:57 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-10 00:57 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-10-21 1938624]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]

"Amazon Music"="c:\users\Geordie\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-03-21 312376]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]

.

c:\users\Geordie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Geordie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2012-1-28 41051]

NpptoR.lnk - c:\program files (x86)\NppToR\NppToR.exe -startup [2012-9-29 866304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 pcmaxservice;pcmaxservice Service;c:\program files\pcmax\pcmax.exe;c:\program files\pcmax\pcmax.exe [x]

R2 System guard;System guard; [x]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 SzCCID;USB SmartCard Reader Driver;c:\windows\system32\DRIVERS\SzCCID.sys;c:\windows\SYSNATIVE\DRIVERS\SzCCID.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]

R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]

S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]

S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]

S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]

S3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PROCEXP152

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 10:14]

.

2014-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000Core1cf8c5fd31612a1.job

- c:\users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 02:08]

.

2014-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000Core1cfea473d50965b.job

- c:\users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 02:08]

.

2014-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000UA.job

- c:\users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 02:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-04 1128448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-05 2722080]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONMHP&conlogo=CT3210127

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{19DFD73B-C2E0-4BEE-BB84-639274D33A93}: NameServer = 192.168.0.12,192.168.0.15

TCP: Interfaces\{33E9AC6F-2473-427C-A9EF-8ED6F08E5EDC}: NameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-ShieldSoft - c:\users\Geordie\AppData\Roaming\ShieldSoft\UI\bin\shieldui.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1596962602-1384948956-1992376746-1000\Software\SecuROM\License information*]

"datasecu"=hex:49,74,97,10,7e,8f,36,1c,a6,02,53,6d,f1,d2,b3,2e,57,af,66,e2,88,

   19,e6,e8,f8,bb,78,2a,ec,07,f3,a2,ee,45,ad,5a,94,dc,99,08,45,f4,e1,92,a8,10,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-10-29  07:10:37

ComboFix-quarantined-files.txt  2014-10-29 11:10

.

Pre-Run: 444,370,997,248 bytes free

Post-Run: 480,808,259,584 bytes free

.

- - End Of File - - D8E663214A0AD6A194281646D3B82DB8

 

*******************

* FRST.txt (FRST) *

*******************

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01

Ran by Geordie (administrator) on EXEC-2 on 29-10-2014 14:41:51

Running from C:\Users\Geordie\Desktop

Loaded Profile: Geordie (Available profiles: Geordie)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

() C:\Users\Geordie\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

() C:\Program Files\ShrewSoft\VPN Client\iked.exe

() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Program Files\pcmax\pcmax.exe

(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

() C:\Program Files (x86)\NppToR\NppToR.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Dropbox, Inc.) C:\Users\Geordie\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-04] (IDT, Inc.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()

HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [312376 2011-03-21] (Hewlett-Packard Company)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-1596962602-1384948956-1992376746-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)

HKU\S-1-5-21-1596962602-1384948956-1992376746-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()

HKU\S-1-5-21-1596962602-1384948956-1992376746-1000\...\Run: [Amazon Music] => C:\Users\Geordie\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NpptoR.lnk

ShortcutTarget: NpptoR.lnk -> C:\Program Files (x86)\NppToR\NppToR.exe ()

Startup: C:\Users\Geordie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Geordie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONMHP&conlogo=CT3210127

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7F1DD6632290CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{19DFD73B-C2E0-4BEE-BB84-639274D33A93}: [NameServer] 192.168.0.12,192.168.0.15

Tcpip\..\Interfaces\{33E9AC6F-2473-427C-A9EF-8ED6F08E5EDC}: [NameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]

CHR Extension: (YouTube) - C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-25]

CHR Extension: (Google Search) - C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-25]

CHR Extension: (Google Wallet) - C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

CHR Extension: (Gmail) - C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-25]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [293944 2011-03-21] (Hewlett-Packard Company)

R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()

R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9511 2012-09-29] () [File not signed]

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)

S2 System guard; No ImagePath

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)

S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]

R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-02-09] (JMicron Technology Corp.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()

S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [40448 2011-01-13] (Generic)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-29 14:41 - 2014-10-29 14:42 - 00016464 _____ () C:\Users\Geordie\Desktop\FRST.txt

2014-10-29 14:41 - 2014-10-29 14:41 - 00000000 ____D () C:\Users\Geordie\Desktop\FRST-OlderVersion

2014-10-29 14:19 - 2014-10-29 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Geordie\Desktop\tdsskiller.exe

2014-10-29 14:18 - 2014-10-29 14:18 - 00027818 _____ () C:\Users\Geordie\Desktop\results.txt

2014-10-29 14:16 - 2014-10-29 14:23 - 00000201 _____ () C:\Users\Geordie\Desktop\Help with multiple dll.host.exe (COM Surrogate) malware - Malware Removal Help - Malwarebytes Forum.url

2014-10-29 07:10 - 2014-10-29 07:10 - 00027741 _____ () C:\ComboFix.txt

2014-10-29 06:04 - 2014-10-29 07:10 - 00000000 ____D () C:\Qoobox

2014-10-29 06:04 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-29 06:04 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-29 06:04 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-29 06:04 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-29 06:04 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-29 06:04 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-29 06:04 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-29 06:04 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-29 06:03 - 2014-10-29 07:09 - 00000000 ____D () C:\Windows\erdnt

2014-10-29 06:00 - 2014-10-29 06:01 - 05591672 ____R (Swearware) C:\Users\Geordie\Desktop\ComboFix.exe

2014-10-29 05:04 - 2014-10-29 05:04 - 00015014 _____ () C:\Windows\DPINST.LOG

2014-10-29 05:04 - 2014-10-29 05:04 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp

2014-10-28 18:16 - 2014-10-28 18:28 - 01159168 _____ () C:\Users\Geordie\Desktop\south.indd

2014-10-28 07:11 - 2014-10-29 14:41 - 00000000 ____D () C:\FRST

2014-10-28 07:11 - 2014-10-28 07:12 - 00054033 _____ () C:\Users\Geordie\Downloads\Addition.txt

2014-10-28 07:11 - 2014-10-28 07:12 - 00039423 _____ () C:\Users\Geordie\Downloads\FRST.txt

2014-10-28 07:10 - 2014-10-29 14:41 - 02113536 _____ (Farbar) C:\Users\Geordie\Desktop\FRST64.exe

2014-10-27 06:57 - 2014-10-27 06:57 - 00000000 ____D () C:\Users\Geordie\Desktop\ProcessExplorer

2014-10-27 06:56 - 2014-10-27 06:56 - 01188194 _____ () C:\Users\Geordie\Downloads\ProcessExplorer.zip

2014-10-27 06:47 - 2014-10-28 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-27 06:46 - 2014-10-27 06:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-27 06:46 - 2014-10-27 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-27 06:46 - 2014-10-27 06:46 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-27 06:46 - 2014-10-27 06:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-27 06:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-27 06:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-27 06:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-27 06:45 - 2014-10-27 06:45 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Geordie\Downloads\mbam-setup-2.0.3.1025.exe

2014-10-27 06:45 - 2014-10-27 06:45 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Geordie\Downloads\mbam-setup-2.0.3.1025 (1).exe

2014-10-25 17:07 - 2014-10-25 17:07 - 01044480 _____ () C:\Users\Geordie\Desktop\midatlantic.indd

2014-10-19 11:02 - 2014-10-19 11:02 - 00001280 _____ () C:\Users\Public\Desktop\More Great Games.lnk

2014-10-19 11:02 - 2014-10-19 11:02 - 00000000 ____D () C:\ProgramData\PuzzlesByJoe

2014-10-18 08:24 - 2014-10-18 08:24 - 00002121 _____ () C:\Users\Public\Desktop\Play Clutter IV - Minigame Madness Tour.lnk

2014-10-18 08:24 - 2014-10-18 08:24 - 00000000 ____D () C:\Users\Geordie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clutter IV - Minigame Madness Tour

2014-10-18 08:24 - 2014-10-18 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clutter IV - Minigame Madness Tour

2014-10-18 08:24 - 2014-10-18 08:24 - 00000000 ____D () C:\Program Files (x86)\Clutter IV - Minigame Madness Tour

2014-10-17 16:16 - 2014-10-17 16:16 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000Core1cfea473d50965b.job

2014-10-15 01:05 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 01:05 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-10-15 01:05 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-10-15 01:05 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-10-15 01:05 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-10-15 01:05 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-10-15 01:05 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-10-15 01:05 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-10-15 01:05 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-10-15 01:05 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-10-15 01:05 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-10-15 01:05 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-10-15 01:05 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-10-15 01:05 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 01:05 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-15 01:05 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-15 01:05 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 01:05 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-15 01:05 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-15 01:04 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-15 01:04 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-15 01:04 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-15 01:04 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-15 01:04 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-15 01:04 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 01:04 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-15 01:04 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-15 01:04 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-15 01:04 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-15 01:04 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-15 01:04 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 01:04 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 01:04 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 01:04 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 01:04 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-15 01:04 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 01:04 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 01:04 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-15 01:04 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-15 01:04 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-15 01:04 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 01:04 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 01:04 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-15 01:04 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 01:04 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 01:04 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-15 01:04 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-15 01:04 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-15 01:04 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 01:04 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-15 01:04 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 01:04 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 01:04 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-15 01:04 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-15 01:04 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-15 01:04 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-15 01:04 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 01:04 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-15 01:04 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 01:04 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-15 01:04 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-15 01:04 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-15 01:04 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-15 01:04 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-15 01:04 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-15 01:04 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 01:04 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-15 01:04 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-15 01:04 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-15 01:04 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 01:04 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-15 01:04 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-15 01:04 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-15 01:04 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 01:04 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-15 01:04 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-15 01:04 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-15 01:04 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-15 01:04 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-15 01:04 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-15 01:04 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 01:04 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-15 01:04 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-15 01:03 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 01:03 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 01:03 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 01:03 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-15 01:03 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 01:03 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 01:03 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 01:03 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 01:03 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 01:03 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 01:03 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-15 01:03 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-15 01:03 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-15 01:03 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 01:03 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-10 20:25 - 2014-10-10 20:25 - 00000000 ____D () C:\Users\Geordie\Documents\EA Games

2014-10-05 10:19 - 2014-10-05 10:19 - 00000000 ____D () C:\Users\Geordie\AppData\Local\Robot Entertainment

2014-09-30 21:14 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-09-30 21:14 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-29 14:29 - 2009-07-14 00:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-29 14:29 - 2009-07-14 00:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-29 14:25 - 2012-09-10 14:15 - 01523176 _____ () C:\Windows\WindowsUpdate.log

2014-10-29 14:23 - 2013-01-13 19:28 - 00000000 ___RD () C:\Users\Geordie\Dropbox

2014-10-29 14:23 - 2013-01-13 19:26 - 00000000 ____D () C:\Users\Geordie\AppData\Roaming\Dropbox

2014-10-29 14:23 - 2012-09-12 05:47 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-10-29 14:22 - 2014-06-08 01:00 - 00004395 _____ () C:\Windows\setupact.log

2014-10-29 14:22 - 2012-09-10 12:06 - 00112088 _____ () C:\Users\Geordie\AppData\Local\GDIPFONTCACHEV1.DAT

2014-10-29 14:22 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-29 14:22 - 2009-07-14 00:45 - 04978720 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-29 14:21 - 2014-06-19 05:35 - 00024528 _____ () C:\Windows\PFRO.log

2014-10-29 14:21 - 2012-09-10 12:06 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-10-29 14:15 - 2012-09-25 22:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000UA.job

2014-10-29 14:14 - 2012-10-17 17:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-29 07:10 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default

2014-10-29 07:08 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-29 05:06 - 2013-12-15 10:28 - 00000000 ____D () C:\Program Files (x86)\HTC

2014-10-29 05:05 - 2013-12-15 10:30 - 00000000 ____D () C:\Users\Geordie\AppData\Roaming\HTC

2014-10-29 05:05 - 2013-12-15 10:29 - 00000000 ____D () C:\ProgramData\HTC

2014-10-29 05:04 - 2013-12-15 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

2014-10-29 04:59 - 2012-10-02 19:01 - 00000000 ____D () C:\ProgramData\TEMP

2014-10-29 04:59 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-10-29 04:49 - 2012-09-12 05:25 - 00000000 ____D () C:\Users\Geordie\Documents\Outlook Files

2014-10-28 20:10 - 2014-09-01 18:24 - 00000000 ____D () C:\Program Files (x86)\Doras Carnival 2 - At the Boardwalk

2014-10-28 05:46 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages

2014-10-27 21:56 - 2009-07-14 01:13 - 00787446 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-27 21:38 - 2012-09-10 15:09 - 00000000 ____D () C:\Windows\Panther

2014-10-27 21:37 - 2014-06-08 19:45 - 00000000 ____D () C:\temp

2014-10-26 19:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-10-26 18:25 - 2014-06-18 06:43 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-26 18:09 - 2012-09-11 09:07 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-26 17:33 - 2013-10-14 20:51 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-26 17:33 - 2012-09-10 13:14 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-25 16:53 - 2014-06-20 02:00 - 00000000 ____D () C:\Users\Geordie\AppData\Local\Adobe

2014-10-25 16:23 - 2014-09-05 16:06 - 00001870 _____ () C:\Users\Geordie\Desktop\UniFi.lnk

2014-10-25 16:23 - 2014-03-05 11:04 - 00001882 _____ () C:\Users\Public\Desktop\VPN Access Manager.lnk

2014-10-22 19:16 - 2012-10-06 05:46 - 00000000 ____D () C:\Users\Geordie\Documents\My Games

2014-10-19 11:02 - 2013-03-10 15:07 - 00000000 ____D () C:\Users\Geordie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-10-19 11:01 - 2013-07-09 20:34 - 00000000 ____D () C:\BigFishCache

2014-10-17 16:16 - 2014-06-20 04:15 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000Core1cf8c5fd31612a1.job

2014-10-11 21:28 - 2014-07-04 09:22 - 00324153 _____ () C:\Windows\DirectX.log

2014-10-10 20:53 - 2013-07-17 18:45 - 00000000 ____D () C:\Users\Geordie\Documents\SavedGames

2014-10-04 15:18 - 2014-09-14 08:03 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-10-04 12:13 - 2014-09-14 07:55 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-09-29 05:55 - 2014-09-28 08:18 - 00000000 ____D () C:\Users\Geordie\AppData\Roaming\ShieldSoft

 

Files to move or delete:

====================

C:\ProgramData\Shrew Soft VPN.dat

 

 

Some content of TEMP:

====================

C:\Users\Geordie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9fdzu4.dll

C:\Users\Geordie\AppData\Local\Temp\{780DF91B-1625-4B2D-A071-EC41C074EFAD}.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-26 19:12

 

==================== End Of Log ============================

 

TDSSKiller.3.0.0.41_29.10.2014_14.22.52_log.txt

TDSSKiller.3.0.0.41_29.10.2014_14.19.55_log.txt


 


***********************

* Addition.txt (FRST) *

***********************

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01

Ran by Geordie at 2014-10-29 14:42:39

Running from C:\Users\Geordie\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

1000 Amps (HKLM-x32\...\Steam App 205690) (Version:  - Brandon Brizzi)

7 Grand Steps 0.9.9.04 (HKLM-x32\...\7 Grand Steps_is1) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)

Airline Tycoon 2 (HKLM-x32\...\Steam App 201490) (Version:  - b-Alive)

Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)

Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden

Amazing Pyramids (HKLM-x32\...\BFG-Amazing Pyramids) (Version:  - )

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)

Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)

Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden

Anodyne (HKLM-x32\...\Steam App 234900) (Version:  - Sean Hogan and Jonathan Kittaka)

Apache HTTP Server 2.2.22 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.22 - Apache Software Foundation)

Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)

BattleShip (HKLM-x32\...\BattleShip) (Version:  - )

Betrayer Demo (HKLM-x32\...\Steam App 300650) (Version:  - Blackpowder Games)

Beyond Divinity (HKLM-x32\...\Steam App 219760) (Version:  - Larian Studios)

Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )

Bookworm Adventures Deluxe (HKLM-x32\...\Steam App 3470) (Version:  - PopCap)

Bridge Constructor (HKLM-x32\...\Steam App 250460) (Version:  - )

Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)

Brorsoft Video Converter Ver 1.4.0.5345 (HKLM-x32\...\{3231B80A-455C-497a-8425-3E44C006D76C}_is1) (Version:  - )

Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Check vs. Mate (HKLM-x32\...\Steam App 211070) (Version:  - Targem Games)

Clutter IV: Minigame Madness Tour (HKLM-x32\...\BFG-Clutter IV - Minigame Madness Tour) (Version:  - )

Crazy Machines 2 (HKLM-x32\...\Steam App 18400) (Version:  - Fakt Software)

Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)

CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)

Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version:  - )

Deadfall Adventures (HKLM-x32\...\Steam App 231330) (Version:  - The Farm 51)

Desperados - Wanted Dead or Alive (HKLM-x32\...\Steam App 260730) (Version:  - Spellbound)

Doras Carnival 2: At the Boardwalk (HKLM-x32\...\BFG-Doras Carnival 2 - At the Boardwalk) (Version:  - )

Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

DUNGEONS - Steam Special Edition (HKLM-x32\...\Steam App 57650) (Version:  - Realmforge Studios)

Eador. Masters of the Broken World (HKLM-x32\...\Steam App 232050) (Version:  - Snowbird Games)

Eets (HKLM-x32\...\Steam App 6100) (Version:  - Klei Entertainment)

Elven Legacy (HKLM-x32\...\Steam App 25850) (Version:  - 1C:InoCo)

Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Softworks)

FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)

ffdshow v1.1.3800 [2011-03-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3800.0 - )

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)

Gemini Rue (HKLM-x32\...\Steam App 80310) (Version:  - Joshua Neurnberger)

Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Grotesque Tactics: Evil Heroes (HKLM-x32\...\Steam App 46450) (Version:  - Headup Games)

Hero Academy (HKLM-x32\...\Steam App 209270) (Version:  - Robot Entertainment)

HP 3D DriveGuard (HKLM\...\{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}) (Version: 4.1.7.1 - Hewlett-Packard Company)

HP HotKey Support (HKLM\...\{E6F19F75-2802-4E60-B04B-B7151BBEE53F}) (Version: 4.0.14.1 - Hewlett-Packard Company)

HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)

ibb & obb (HKLM-x32\...\Steam App 95400) (Version:  - Sparpweed)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6328.0 - IDT)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

Jack Keane 2 - The Fire Within (HKLM-x32\...\Steam App 236970) (Version:  - Deck 13)

Jack Lumber (HKLM-x32\...\Steam App 220900) (Version:  - Owlchemy Labs)

Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.21.00 - JMicron Technology Corp.)

JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.58.0 - JMicron Technology Corp.)

Jo's Dream Organic Coffee 2 (HKLM-x32\...\BFG-Jo's Dream Organic Coffee 2) (Version:  - )

Kairo (HKLM-x32\...\Steam App 233230) (Version:  - Richard Perrin)

Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version:  - Ironhide Game Studio)

Lexica (HKLM-x32\...\Steam App 306680) (Version:  - d3t)

Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Mechanic Escape (HKLM-x32\...\Steam App 268240) (Version:  - Slak Games)

Medieval Defenders (HKLM-x32\...\BFG-Medieval Defenders) (Version:  - )

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mount & Blade (HKLM-x32\...\Steam App 22100) (Version:  - Paradox Interactive)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)

My Game Long Name (HKLM\...\UDK-3f315ef8-3ecb-4b68-bcc5-5f440547dce6) (Version:  - Epic Games, Inc.)

MySQL Connector C 6.0.2 (HKLM\...\{5B6A2A7C-658E-4661-A254-3C36F5B63943}) (Version: 6.0.2 - Sun Microsystems)

MySQL Connector C++ 1.1.0 (HKLM\...\{3C481CDB-34E8-4CEF-B487-4C9C60530CFC}) (Version: 1.1.0 - Oracle and/or its affiliates)

MySQL Connector J (HKLM-x32\...\{0505C47B-6CBC-4DF5-9628-769566240F88}) (Version: 5.1.20.0 - Oracle Corporation)

MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)

MySQL Connector/ODBC 5.1 (HKLM\...\{BB2211D1-A5B5-4AEF-B0E6-DD7874ABF8EE}) (Version: 5.1.11 - Oracle Corporation)

MySQL Documents 5.5 (HKLM-x32\...\{0293D4CF-0EDF-41E1-805C-C298460000AE}) (Version: 5.5.28 - Oracle Corporation)

MySQL Examples and Samples 5.5 (HKLM-x32\...\{962A23F0-3466-492F-AC73-CCB86A1767ED}) (Version: 5.5.28 - Oracle Corporation)

MySQL For Excel 1.0.7 (HKLM-x32\...\{675B4BA3-C365-4428-9D75-A4D13ACD94E8}) (Version: 1.0.7 - Oracle)

MySQL Installer (HKLM-x32\...\{4AF4E59D-9D6A-4091-AFF2-342F6B3984FE}) (Version: 1.1.4.0 - Oracle Corporation)

MySQL Notifier 1.0.3 (HKLM-x32\...\{5681C7AB-E29D-4EE9-B0F0-809A28ECECFC}) (Version: 1.0.3 - Oracle)

MySQL Server 5.5 (HKLM\...\{5CA882E6-4BF0-4E55-B290-6C4EAD6E586E}) (Version: 5.5.28 - Oracle Corporation)

MySQL Workbench 5.2 CE (HKLM-x32\...\{C9276FF9-14E7-4889-9D10-E4329E154B21}) (Version: 5.2.43 - Oracle Corporation)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)

NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)

NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)

NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)

NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Overlord (HKLM-x32\...\Steam App 11450) (Version:  - CodeMasters)

Patrician IV: Steam Special Edition (HKLM-x32\...\Steam App 57620) (Version:  - Gaming Minds Studios)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version:  - PopCap)

Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version:  - PopCap Games, Inc.)

Peggle Nights (HKLM-x32\...\Steam App 3540) (Version:  - PopCap Games, Inc.)

Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version:  - Zen Studios)

Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)

Pole Position 2012 (HKLM-x32\...\Steam App 210150) (Version:  - Destrax Games)

Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)

Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)

R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)

ReignMaker (HKLM-x32\...\Steam App 286200) (Version:  - Frogdice, Inc)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version:  - Artifice Studio)

Scrabble (HKLM-x32\...\BFG-Scrabble) (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)

Solar 2 (HKLM-x32\...\Steam App 97000) (Version:  - Murudai)

Spirits (HKLM-x32\...\Steam App 210170) (Version:  - Spaces of Play)

SpongeBob SquarePants Typing (HKLM-x32\...\BFG-SpongeBob SquarePants Typing) (Version:  - )

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)

SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Teslagrad (HKLM-x32\...\Steam App 249590) (Version:  - Rain Games)

The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)

The Bard's Tale (HKLM-x32\...\Steam App 41900) (Version:  - inXile Entertainment)

The Bridge (HKLM-x32\...\Steam App 204240) (Version:  - Ty Taylor and Mario Castañeda)

The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version:  - Daedalic Entertainment)

The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)

The Raven - Legacy of a Master Thief (HKLM-x32\...\Steam App 233370) (Version:  - KING Art)

The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )

Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)

Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)

Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)

Validity Fingerprint Sensor Driver (HKLM\...\{61D3AB5C-02B5-47FC-906A-C49A0954C7C6}) (Version: 4.3.126.0 - Validity Sensors, Inc.)

VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)

War in a Box: Paper Tanks (HKLM-x32\...\BFG-War in a Box - Paper Tanks) (Version:  - )

Weird Worlds: Return to Infinite Space (HKLM-x32\...\Steam App 226120) (Version:  - )

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Geordie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1596962602-1384948956-1992376746-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Geordie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

29-10-2014 09:03:30 Removed HTC Driver Installer.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2014-10-29 07:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1823BB83-E09C-4355-9125-06F6AA977845} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000UA => C:\Users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)

Task: {5E9EE26D-5955-4D34-B60A-76527CB1D3E7} - System32\Tasks\AdobeAAMUpdater-1.0-Exec-2-Geordie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {673E6C84-1384-453B-AA50-F24D9D66F77C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {6BBA634F-D1CF-4B16-93AE-9EF8B079CB06} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {B6032C76-EEFE-43DE-84E2-919935A60E97} - System32\Tasks\Amazon Music Helper => C:\Users\Geordie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-09-05] ()

Task: {C4F6D03C-127C-4C38-A309-AF0DFFAD1D1E} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION

Task: {D0BA7226-7F48-42C1-BF42-90F0C395D28E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {E3A1F44D-6576-4348-8B4F-A4D2CBEDA4EE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {F34EF01E-9C61-47B6-AE56-4F89AFB5F4B1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {F75909E0-0170-47CE-A4F7-8530FACBE7FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000Core1cf8c5fd31612a1.job => C:\Users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000Core1cfea473d50965b.job => C:\Users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596962602-1384948956-1992376746-1000UA.job => C:\Users\Geordie\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-09-14 08:48 - 2013-08-29 18:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-11-02 06:53 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll

2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll

2014-06-30 18:24 - 2014-09-05 20:54 - 06281536 _____ () C:\Users\Geordie\AppData\Local\Amazon Music\Amazon Music Helper.exe

2013-07-01 04:21 - 2013-07-01 04:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe

2013-06-30 19:16 - 2013-06-30 19:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll

2013-06-30 19:15 - 2013-06-30 19:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll

2013-06-30 19:15 - 2013-06-30 19:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll

2013-06-30 19:16 - 2013-06-30 19:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll

2013-06-30 19:16 - 2013-06-30 19:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll

2013-06-30 19:16 - 2013-06-30 19:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll

2013-06-30 19:17 - 2013-06-30 19:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll

2013-06-30 19:17 - 2013-06-30 19:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll

2013-06-30 19:17 - 2013-06-30 19:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll

2013-07-01 04:21 - 2013-07-01 04:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2014-05-29 07:16 - 2014-05-29 07:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe

2012-09-29 08:38 - 2012-09-29 08:38 - 00866304 ____R () C:\Program Files (x86)\NppToR\NppToR.exe

2014-08-29 04:39 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-08-29 04:39 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-08-29 04:39 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2013-03-12 17:10 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-05-22 06:27 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-29 04:39 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-08-29 04:39 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2012-09-12 05:47 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-10-29 14:23 - 2014-10-29 14:23 - 00043008 _____ () c:\users\geordie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9fdzu4.dll

2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Geordie\AppData\Roaming\Dropbox\bin\libcef.dll

2012-09-12 05:47 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2012-09-10 11:53 - 2011-01-12 21:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:07C99568

AlternateDataStreams: C:\ProgramData\TEMP:0915A718

AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52

AlternateDataStreams: C:\ProgramData\TEMP:0AF6266B

AlternateDataStreams: C:\ProgramData\TEMP:0BCD47A5

AlternateDataStreams: C:\ProgramData\TEMP:10E0E83D

AlternateDataStreams: C:\ProgramData\TEMP:114BD271

AlternateDataStreams: C:\ProgramData\TEMP:14362DF8

AlternateDataStreams: C:\ProgramData\TEMP:1663E41B

AlternateDataStreams: C:\ProgramData\TEMP:18345E10

AlternateDataStreams: C:\ProgramData\TEMP:1DB77A89

AlternateDataStreams: C:\ProgramData\TEMP:2313511A

AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA

AlternateDataStreams: C:\ProgramData\TEMP:275A38F6

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F

AlternateDataStreams: C:\ProgramData\TEMP:2F7C40B6

AlternateDataStreams: C:\ProgramData\TEMP:32AA69ED

AlternateDataStreams: C:\ProgramData\TEMP:349E5B74

AlternateDataStreams: C:\ProgramData\TEMP:395F6776

AlternateDataStreams: C:\ProgramData\TEMP:3ADE134E

AlternateDataStreams: C:\ProgramData\TEMP:45A64DE6

AlternateDataStreams: C:\ProgramData\TEMP:49B217F7

AlternateDataStreams: C:\ProgramData\TEMP:4B325725

AlternateDataStreams: C:\ProgramData\TEMP:4BDE2F32

AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0

AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5

AlternateDataStreams: C:\ProgramData\TEMP:4D28BE4D

AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8

AlternateDataStreams: C:\ProgramData\TEMP:5080697C

AlternateDataStreams: C:\ProgramData\TEMP:54531C7D

AlternateDataStreams: C:\ProgramData\TEMP:554B3BF6

AlternateDataStreams: C:\ProgramData\TEMP:57173DB4

AlternateDataStreams: C:\ProgramData\TEMP:583FE1DA

AlternateDataStreams: C:\ProgramData\TEMP:5CFE25D5

AlternateDataStreams: C:\ProgramData\TEMP:5D10C56A

AlternateDataStreams: C:\ProgramData\TEMP:5DB4FD98

AlternateDataStreams: C:\ProgramData\TEMP:61C53F55

AlternateDataStreams: C:\ProgramData\TEMP:61C6B926

AlternateDataStreams: C:\ProgramData\TEMP:6641B59F

AlternateDataStreams: C:\ProgramData\TEMP:67842DB7

AlternateDataStreams: C:\ProgramData\TEMP:6A6D4AF4

AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31

AlternateDataStreams: C:\ProgramData\TEMP:6AF6BB0E

AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42

AlternateDataStreams: C:\ProgramData\TEMP:6E90EDD7

AlternateDataStreams: C:\ProgramData\TEMP:757A3049

AlternateDataStreams: C:\ProgramData\TEMP:76682252

AlternateDataStreams: C:\ProgramData\TEMP:79C6A9CE

AlternateDataStreams: C:\ProgramData\TEMP:7A632F57

AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA

AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639

AlternateDataStreams: C:\ProgramData\TEMP:80A7A4A5

AlternateDataStreams: C:\ProgramData\TEMP:86A7B7DD

AlternateDataStreams: C:\ProgramData\TEMP:8967C154

AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3

AlternateDataStreams: C:\ProgramData\TEMP:8FC568E1

AlternateDataStreams: C:\ProgramData\TEMP:92CA7E75

AlternateDataStreams: C:\ProgramData\TEMP:993185CB

AlternateDataStreams: C:\ProgramData\TEMP:9D91E651

AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80

AlternateDataStreams: C:\ProgramData\TEMP:ACCEFF0E

AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538

AlternateDataStreams: C:\ProgramData\TEMP:B790962B

AlternateDataStreams: C:\ProgramData\TEMP:BB718C46

AlternateDataStreams: C:\ProgramData\TEMP:BDDA21B6

AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0

AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B

AlternateDataStreams: C:\ProgramData\TEMP:C45094A1

AlternateDataStreams: C:\ProgramData\TEMP:C695B256

AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625

AlternateDataStreams: C:\ProgramData\TEMP:C900B47A

AlternateDataStreams: C:\ProgramData\TEMP:C9BC8592

AlternateDataStreams: C:\ProgramData\TEMP:CA400C1B

AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A

AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6

AlternateDataStreams: C:\ProgramData\TEMP:CE506F23

AlternateDataStreams: C:\ProgramData\TEMP:CE707633

AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F

AlternateDataStreams: C:\ProgramData\TEMP:D254266B

AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D

AlternateDataStreams: C:\ProgramData\TEMP:DAB09BDB

AlternateDataStreams: C:\ProgramData\TEMP:DE2B4CCA

AlternateDataStreams: C:\ProgramData\TEMP:DE3ABE3D

AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E

AlternateDataStreams: C:\ProgramData\TEMP:E2295807

AlternateDataStreams: C:\ProgramData\TEMP:E4FD113F

AlternateDataStreams: C:\ProgramData\TEMP:E94FA418

AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0

AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83

AlternateDataStreams: C:\ProgramData\TEMP:EE69D7DF

AlternateDataStreams: C:\ProgramData\TEMP:F18C0087

AlternateDataStreams: C:\ProgramData\TEMP:F4362715

AlternateDataStreams: C:\ProgramData\TEMP:F52DB269

AlternateDataStreams: C:\ProgramData\TEMP:F53B274A

AlternateDataStreams: C:\ProgramData\TEMP:F6910DB1

AlternateDataStreams: C:\ProgramData\TEMP:F6CDA594

AlternateDataStreams: C:\ProgramData\TEMP:FBA79096

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17659182.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17659182.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1596962602-1384948956-1992376746-500 - Administrator - Disabled)

Geordie (S-1-5-21-1596962602-1384948956-1992376746-1000 - Administrator - Enabled) => C:\Users\Geordie

Guest (S-1-5-21-1596962602-1384948956-1992376746-501 - Administrator - Disabled)

HomeGroupUser$ (S-1-5-21-1596962602-1384948956-1992376746-1002 - Administrator - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: Shrew Soft Virtual Adapter

Description: Shrew Soft Virtual Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Shrew Soft

Service: vnet

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/29/2014 04:46:46 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program OUTLOOK.EXE version 14.0.7113.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 9eb0

 

Start Time: 01cff2fe04d32cf9

 

Termination Time: 15

 

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

 

Report Id: 146faf6c-5f48-11e4-919d-402cf4da5dc0

 

Error: (10/29/2014 02:54:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6

Exception code: 0xc0000005

Fault offset: 0x00127417

Faulting process id: 0xa0c4

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/29/2014 00:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00094765

Faulting process id: 0xa390

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/28/2014 11:52:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00094fbf

Faulting process id: 0x6b44

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/28/2014 11:44:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x003fbc2a

Faulting process id: 0x7fcc

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/28/2014 11:43:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00094fc3

Faulting process id: 0x8c68

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/28/2014 10:26:59 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

 

Error: (10/28/2014 07:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00094765

Faulting process id: 0xaddc

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/28/2014 05:14:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00095c91

Faulting process id: 0x63f0

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (10/28/2014 03:35:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00095c91

Faulting process id: 0x7700

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

 

System errors:

=============

Error: (10/29/2014 02:23:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 

%%-2147467259

 

Error: (10/29/2014 02:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error: 

%%-2147467259

 

Error: (10/29/2014 02:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The System guard service failed to start due to the following error: 

%%3

 

Error: (10/29/2014 07:08:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (10/29/2014 07:06:48 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (10/29/2014 06:34:29 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (10/29/2014 06:01:27 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/29/2014 05:54:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 40. The internal error state is 252.

 

Error: (10/29/2014 05:54:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 40. The internal error state is 252.

 

Error: (10/29/2014 05:53:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 40. The internal error state is 252.

 

 

Microsoft Office Sessions:

=========================

Error: (10/29/2014 04:46:46 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: OUTLOOK.EXE14.0.7113.50009eb001cff2fe04d32cf915C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE146faf6c-5f48-11e4-919d-402cf4da5dc0

 

Error: (10/29/2014 02:54:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7jscript9.dll11.0.9600.17344541b85e6c000000500127417a0c401cff344928a777cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dll5e2a1f5e-5f38-11e4-919d-402cf4da5dc0

 

Error: (10/29/2014 00:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765a39001cff32df1e41d6dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll45764e2f-5f21-11e4-919d-402cf4da5dc0

 

Error: (10/28/2014 11:52:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf6b4401cff32b78c8f1ffC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll0df2d2d6-5f1f-11e4-919d-402cf4da5dc0

 

Error: (10/28/2014 11:44:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd003fbc2a7fcc01cff32a82cc0394C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlld59671fe-5f1d-11e4-919d-402cf4da5dc0

 

Error: (10/28/2014 11:43:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fc38c6801cff32a1531b80cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllbb6aab69-5f1d-11e4-919d-402cf4da5dc0

 

Error: (10/28/2014 10:26:59 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll9

 

Error: (10/28/2014 07:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765addc01cff302462658aaC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll67490f35-5ef6-11e4-919d-402cf4da5dc0

 

Error: (10/28/2014 05:14:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c9163f001cff2f3d0da3dc7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll75cc384b-5ee7-11e4-919d-402cf4da5dc0

 

Error: (10/28/2014 03:35:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91770001cff2e613b2cfe2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll85b4a04d-5ed9-11e4-919d-402cf4da5dc0

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-29 07:06:48.408

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-10-29 07:06:48.314

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-2860QM CPU @ 2.50GHz

Percentage of memory in use: 16%

Total physical RAM: 16334.36 MB

Available physical RAM: 13709.02 MB

Total Pagefile: 32666.89 MB

Available Pagefile: 29852.74 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:698.54 GB) (Free:443.08 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 037064DD)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Sorry for the delay, Geordie. 
Please do the following. 
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    () C:\Program Files\pcmax\pcmax.exe
    C:\Program Files\pcmax
    HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
    HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
    HKU\S-1-5-21-1596962602-1384948956-1992376746-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
    R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
    C:\Users\Geordie\AppData\Local\Temp\{780DF91B-1625-4B2D-A071-EC41C074EFAD}.exe
    AlternateDataStreams: C:\ProgramData\TEMP:07C99568
    AlternateDataStreams: C:\ProgramData\TEMP:0915A718
    AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
    AlternateDataStreams: C:\ProgramData\TEMP:0AF6266B
    AlternateDataStreams: C:\ProgramData\TEMP:0BCD47A5
    AlternateDataStreams: C:\ProgramData\TEMP:10E0E83D
    AlternateDataStreams: C:\ProgramData\TEMP:114BD271
    AlternateDataStreams: C:\ProgramData\TEMP:14362DF8
    AlternateDataStreams: C:\ProgramData\TEMP:1663E41B
    AlternateDataStreams: C:\ProgramData\TEMP:18345E10
    AlternateDataStreams: C:\ProgramData\TEMP:1DB77A89
    AlternateDataStreams: C:\ProgramData\TEMP:2313511A
    AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA
    AlternateDataStreams: C:\ProgramData\TEMP:275A38F6
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:2F7C40B6
    AlternateDataStreams: C:\ProgramData\TEMP:32AA69ED
    AlternateDataStreams: C:\ProgramData\TEMP:349E5B74
    AlternateDataStreams: C:\ProgramData\TEMP:395F6776
    AlternateDataStreams: C:\ProgramData\TEMP:3ADE134E
    AlternateDataStreams: C:\ProgramData\TEMP:45A64DE6
    AlternateDataStreams: C:\ProgramData\TEMP:49B217F7
    AlternateDataStreams: C:\ProgramData\TEMP:4B325725
    AlternateDataStreams: C:\ProgramData\TEMP:4BDE2F32
    AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0
    AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5
    AlternateDataStreams: C:\ProgramData\TEMP:4D28BE4D
    AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8
    AlternateDataStreams: C:\ProgramData\TEMP:5080697C
    AlternateDataStreams: C:\ProgramData\TEMP:54531C7D
    AlternateDataStreams: C:\ProgramData\TEMP:554B3BF6
    AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
    AlternateDataStreams: C:\ProgramData\TEMP:583FE1DA
    AlternateDataStreams: C:\ProgramData\TEMP:5CFE25D5
    AlternateDataStreams: C:\ProgramData\TEMP:5D10C56A
    AlternateDataStreams: C:\ProgramData\TEMP:5DB4FD98
    AlternateDataStreams: C:\ProgramData\TEMP:61C53F55
    AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
    AlternateDataStreams: C:\ProgramData\TEMP:6641B59F
    AlternateDataStreams: C:\ProgramData\TEMP:67842DB7
    AlternateDataStreams: C:\ProgramData\TEMP:6A6D4AF4
    AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31
    AlternateDataStreams: C:\ProgramData\TEMP:6AF6BB0E
    AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42
    AlternateDataStreams: C:\ProgramData\TEMP:6E90EDD7
    AlternateDataStreams: C:\ProgramData\TEMP:757A3049
    AlternateDataStreams: C:\ProgramData\TEMP:76682252
    AlternateDataStreams: C:\ProgramData\TEMP:79C6A9CE
    AlternateDataStreams: C:\ProgramData\TEMP:7A632F57
    AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA
    AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
    AlternateDataStreams: C:\ProgramData\TEMP:80A7A4A5
    AlternateDataStreams: C:\ProgramData\TEMP:86A7B7DD
    AlternateDataStreams: C:\ProgramData\TEMP:8967C154
    AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3
    AlternateDataStreams: C:\ProgramData\TEMP:8FC568E1
    AlternateDataStreams: C:\ProgramData\TEMP:92CA7E75
    AlternateDataStreams: C:\ProgramData\TEMP:993185CB
    AlternateDataStreams: C:\ProgramData\TEMP:9D91E651
    AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
    AlternateDataStreams: C:\ProgramData\TEMP:ACCEFF0E
    AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538
    AlternateDataStreams: C:\ProgramData\TEMP:B790962B
    AlternateDataStreams: C:\ProgramData\TEMP:BB718C46
    AlternateDataStreams: C:\ProgramData\TEMP:BDDA21B6
    AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0
    AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B
    AlternateDataStreams: C:\ProgramData\TEMP:C45094A1
    AlternateDataStreams: C:\ProgramData\TEMP:C695B256
    AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625
    AlternateDataStreams: C:\ProgramData\TEMP:C900B47A
    AlternateDataStreams: C:\ProgramData\TEMP:C9BC8592
    AlternateDataStreams: C:\ProgramData\TEMP:CA400C1B
    AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A
    AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6
    AlternateDataStreams: C:\ProgramData\TEMP:CE506F23
    AlternateDataStreams: C:\ProgramData\TEMP:CE707633
    AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
    AlternateDataStreams: C:\ProgramData\TEMP:D254266B
    AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D
    AlternateDataStreams: C:\ProgramData\TEMP:DAB09BDB
    AlternateDataStreams: C:\ProgramData\TEMP:DE2B4CCA
    AlternateDataStreams: C:\ProgramData\TEMP:DE3ABE3D
    AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E
    AlternateDataStreams: C:\ProgramData\TEMP:E2295807
    AlternateDataStreams: C:\ProgramData\TEMP:E4FD113F
    AlternateDataStreams: C:\ProgramData\TEMP:E94FA418
    AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0
    AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83
    AlternateDataStreams: C:\ProgramData\TEMP:EE69D7DF
    AlternateDataStreams: C:\ProgramData\TEMP:F18C0087
    AlternateDataStreams: C:\ProgramData\TEMP:F4362715
    AlternateDataStreams: C:\ProgramData\TEMP:F52DB269
    AlternateDataStreams: C:\ProgramData\TEMP:F53B274A
    AlternateDataStreams: C:\ProgramData\TEMP:F6910DB1
    AlternateDataStreams: C:\ProgramData\TEMP:F6CDA594
    AlternateDataStreams: C:\ProgramData\TEMP:FBA79096
    Task: {C4F6D03C-127C-4C38-A309-AF0DFFAD1D1E} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17659182.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17659182.sys => ""="Driver"
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
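The fixlist above removes four kinds of persistence at once: alternate data streams hung off C:\ProgramData\TEMP, Run values in three hives, a service plus a scheduled task, and SafeBoot keys that would let a driver load even in Safe Mode. An added check, written for this thread and not part of the original post or of FRST, re-reads every one of those locations after the reboot so that anything that survived or was recreated shows up. It uses only the names that appear in the fixlist, needs PowerShell 3.0 or later for Get-Item -Stream (Windows 7 ships with 2.0; WMF 3.0 adds it), and should be run from an elevated prompt so the HKLM SafeBoot keys are readable.

```powershell
# Added verification script (not from the thread or from FRST). Re-checks
# the locations the fixlist targeted. Requires PowerShell 3.0+ and an
# elevated prompt. All names below are taken from the fixlist itself.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Alternate data streams on C:\ProgramData\TEMP. A plain file carries
#    only the unnamed ':$DATA' stream; any other stream is a leftover.
$adsHost = 'C:\ProgramData\TEMP'
if (Test-Path -LiteralPath $adsHost) {
    Get-Item -LiteralPath $adsHost -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $findings.Add("ADS still present: ${adsHost}:$($_.Stream) ($($_.Length) bytes)")
        }
}

# 2. Run-key persistence in the 64-bit hive, the WOW6432Node view and the
#    current user's hive (the S-1-5-21-... SID in the fixlist is this user).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Match on the value name used by the installer, or on any command
        # line that still points into the pcmax folder.
        if ($p.Name -eq 'pcreg' -or "$($p.Value)" -match 'pcmax') {
            $findings.Add("Run value still present: $key\$($p.Name) = $($p.Value)")
        }
    }
}

# 3. The service and the scheduled task registered by the same installer.
if (Get-Service -Name pcmaxservice -ErrorAction SilentlyContinue) {
    $findings.Add('Service still registered: pcmaxservice')
}
if (Test-Path -LiteralPath 'C:\Windows\System32\Tasks\pcreg') {
    $findings.Add('Task file still present: C:\Windows\System32\Tasks\pcreg')
}
# schtasks.exe exists on every Windows 7 build; Get-ScheduledTask does not
# arrive until Windows 8, so the command-line tool is used here.
$null = & schtasks.exe /Query /TN pcreg 2>$null
if ($LASTEXITCODE -eq 0) { $findings.Add('Scheduled task still registered: \pcreg') }

# 4. SafeBoot entries that would let the driver load in Safe Mode.
foreach ($mode in 'Minimal', 'Network') {
    $sb = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode\17659182.sys"
    if (Test-Path $sb) { $findings.Add("SafeBoot key still present: $sb") }
}

# 5. The programme folder itself (FRST moves it to its quarantine).
if (Test-Path -LiteralPath 'C:\Program Files\pcmax') {
    $findings.Add('Folder still present: C:\Program Files\pcmax')
}

if ($findings.Count -eq 0) {
    Write-Output 'No remnants of the pcmax/pcreg entries found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

If the ADS check lists new stream names after the reboot, something still running is writing them; that is the cue to look at the process list before re-running a fix rather than deleting the streams again.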

No need for apology--I appreciate your help.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Geordie at 2014-10-29 21:28:28 Run:1
Running from C:\Users\Geordie\Desktop
Loaded Profile: Geordie (Available profiles: Geordie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
() C:\Program Files\pcmax\pcmax.exe
C:\Program Files\pcmax
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1596962602-1384948956-1992376746-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
C:\Users\Geordie\AppData\Local\Temp\{780DF91B-1625-4B2D-A071-EC41C074EFAD}.exe
AlternateDataStreams: C:\ProgramData\TEMP:07C99568
AlternateDataStreams: C:\ProgramData\TEMP:0915A718
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
AlternateDataStreams: C:\ProgramData\TEMP:0AF6266B
AlternateDataStreams: C:\ProgramData\TEMP:0BCD47A5
AlternateDataStreams: C:\ProgramData\TEMP:10E0E83D
AlternateDataStreams: C:\ProgramData\TEMP:114BD271
AlternateDataStreams: C:\ProgramData\TEMP:14362DF8
AlternateDataStreams: C:\ProgramData\TEMP:1663E41B
AlternateDataStreams: C:\ProgramData\TEMP:18345E10
AlternateDataStreams: C:\ProgramData\TEMP:1DB77A89
AlternateDataStreams: C:\ProgramData\TEMP:2313511A
AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA
AlternateDataStreams: C:\ProgramData\TEMP:275A38F6
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2F7C40B6
AlternateDataStreams: C:\ProgramData\TEMP:32AA69ED
AlternateDataStreams: C:\ProgramData\TEMP:349E5B74
AlternateDataStreams: C:\ProgramData\TEMP:395F6776
AlternateDataStreams: C:\ProgramData\TEMP:3ADE134E
AlternateDataStreams: C:\ProgramData\TEMP:45A64DE6
AlternateDataStreams: C:\ProgramData\TEMP:49B217F7
AlternateDataStreams: C:\ProgramData\TEMP:4B325725
AlternateDataStreams: C:\ProgramData\TEMP:4BDE2F32
AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0
AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5
AlternateDataStreams: C:\ProgramData\TEMP:4D28BE4D
AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:54531C7D
AlternateDataStreams: C:\ProgramData\TEMP:554B3BF6
AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
AlternateDataStreams: C:\ProgramData\TEMP:583FE1DA
AlternateDataStreams: C:\ProgramData\TEMP:5CFE25D5
AlternateDataStreams: C:\ProgramData\TEMP:5D10C56A
AlternateDataStreams: C:\ProgramData\TEMP:5DB4FD98
AlternateDataStreams: C:\ProgramData\TEMP:61C53F55
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6641B59F
AlternateDataStreams: C:\ProgramData\TEMP:67842DB7
AlternateDataStreams: C:\ProgramData\TEMP:6A6D4AF4
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31
AlternateDataStreams: C:\ProgramData\TEMP:6AF6BB0E
AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42
AlternateDataStreams: C:\ProgramData\TEMP:6E90EDD7
AlternateDataStreams: C:\ProgramData\TEMP:757A3049
AlternateDataStreams: C:\ProgramData\TEMP:76682252
AlternateDataStreams: C:\ProgramData\TEMP:79C6A9CE
AlternateDataStreams: C:\ProgramData\TEMP:7A632F57
AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:80A7A4A5
AlternateDataStreams: C:\ProgramData\TEMP:86A7B7DD
AlternateDataStreams: C:\ProgramData\TEMP:8967C154
AlternateDataStreams: C:\ProgramData\TEMP:8B69E3C3
AlternateDataStreams: C:\ProgramData\TEMP:8FC568E1
AlternateDataStreams: C:\ProgramData\TEMP:92CA7E75
AlternateDataStreams: C:\ProgramData\TEMP:993185CB
AlternateDataStreams: C:\ProgramData\TEMP:9D91E651
AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
AlternateDataStreams: C:\ProgramData\TEMP:ACCEFF0E
AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538
AlternateDataStreams: C:\ProgramData\TEMP:B790962B
AlternateDataStreams: C:\ProgramData\TEMP:BB718C46
AlternateDataStreams: C:\ProgramData\TEMP:BDDA21B6
AlternateDataStreams: C:\ProgramData\TEMP:BEAA72E0
AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B
AlternateDataStreams: C:\ProgramData\TEMP:C45094A1
AlternateDataStreams: C:\ProgramData\TEMP:C695B256
AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625
AlternateDataStreams: C:\ProgramData\TEMP:C900B47A
AlternateDataStreams: C:\ProgramData\TEMP:C9BC8592
AlternateDataStreams: C:\ProgramData\TEMP:CA400C1B
AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A
AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6
AlternateDataStreams: C:\ProgramData\TEMP:CE506F23
AlternateDataStreams: C:\ProgramData\TEMP:CE707633
AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
AlternateDataStreams: C:\ProgramData\TEMP:D254266B
AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D
AlternateDataStreams: C:\ProgramData\TEMP:DAB09BDB
AlternateDataStreams: C:\ProgramData\TEMP:DE2B4CCA
AlternateDataStreams: C:\ProgramData\TEMP:DE3ABE3D
AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E
AlternateDataStreams: C:\ProgramData\TEMP:E2295807
AlternateDataStreams: C:\ProgramData\TEMP:E4FD113F
AlternateDataStreams: C:\ProgramData\TEMP:E94FA418
AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0
AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83
AlternateDataStreams: C:\ProgramData\TEMP:EE69D7DF
AlternateDataStreams: C:\ProgramData\TEMP:F18C0087
AlternateDataStreams: C:\ProgramData\TEMP:F4362715
AlternateDataStreams: C:\ProgramData\TEMP:F52DB269
AlternateDataStreams: C:\ProgramData\TEMP:F53B274A
AlternateDataStreams: C:\ProgramData\TEMP:F6910DB1
AlternateDataStreams: C:\ProgramData\TEMP:F6CDA594
AlternateDataStreams: C:\ProgramData\TEMP:FBA79096
Task: {C4F6D03C-127C-4C38-A309-AF0DFFAD1D1E} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17659182.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17659182.sys => ""="Driver"
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
[2832] C:\Program Files\pcmax\pcmax.exe => Process closed successfully.
C:\Program Files\pcmax => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKU\S-1-5-21-1596962602-1384948956-1992376746-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
pcmaxservice => Service deleted successfully.
C:\Users\Geordie\AppData\Local\Temp\{780DF91B-1625-4B2D-A071-EC41C074EFAD}.exe => Moved successfully.
C:\ProgramData\TEMP => ":07C99568" ADS removed successfully.
C:\ProgramData\TEMP => ":0915A718" ADS removed successfully.
C:\ProgramData\TEMP => ":0ADCCF52" ADS removed successfully.
C:\ProgramData\TEMP => ":0AF6266B" ADS removed successfully.
C:\ProgramData\TEMP => ":0BCD47A5" ADS removed successfully.
C:\ProgramData\TEMP => ":10E0E83D" ADS removed successfully.
C:\ProgramData\TEMP => ":114BD271" ADS removed successfully.
C:\ProgramData\TEMP => ":14362DF8" ADS removed successfully.
C:\ProgramData\TEMP => ":1663E41B" ADS removed successfully.
C:\ProgramData\TEMP => ":18345E10" ADS removed successfully.
C:\ProgramData\TEMP => ":1DB77A89" ADS removed successfully.
C:\ProgramData\TEMP => ":2313511A" ADS removed successfully.
C:\ProgramData\TEMP => ":2487D1DA" ADS removed successfully.
C:\ProgramData\TEMP => ":275A38F6" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":2F7C40B6" ADS removed successfully.
C:\ProgramData\TEMP => ":32AA69ED" ADS removed successfully.
C:\ProgramData\TEMP => ":349E5B74" ADS removed successfully.
C:\ProgramData\TEMP => ":395F6776" ADS removed successfully.
C:\ProgramData\TEMP => ":3ADE134E" ADS removed successfully.
C:\ProgramData\TEMP => ":45A64DE6" ADS removed successfully.
C:\ProgramData\TEMP => ":49B217F7" ADS removed successfully.
C:\ProgramData\TEMP => ":4B325725" ADS removed successfully.
C:\ProgramData\TEMP => ":4BDE2F32" ADS removed successfully.
C:\ProgramData\TEMP => ":4BEE39B0" ADS removed successfully.
C:\ProgramData\TEMP => ":4C3504B5" ADS removed successfully.
C:\ProgramData\TEMP => ":4D28BE4D" ADS removed successfully.
C:\ProgramData\TEMP => ":4E79C4F8" ADS removed successfully.
C:\ProgramData\TEMP => ":5080697C" ADS removed successfully.
C:\ProgramData\TEMP => ":54531C7D" ADS removed successfully.
C:\ProgramData\TEMP => ":554B3BF6" ADS removed successfully.
C:\ProgramData\TEMP => ":57173DB4" ADS removed successfully.
C:\ProgramData\TEMP => ":583FE1DA" ADS removed successfully.
C:\ProgramData\TEMP => ":5CFE25D5" ADS removed successfully.
C:\ProgramData\TEMP => ":5D10C56A" ADS removed successfully.
C:\ProgramData\TEMP => ":5DB4FD98" ADS removed successfully.
C:\ProgramData\TEMP => ":61C53F55" ADS removed successfully.
C:\ProgramData\TEMP => ":61C6B926" ADS removed successfully.
C:\ProgramData\TEMP => ":6641B59F" ADS removed successfully.
C:\ProgramData\TEMP => ":67842DB7" ADS removed successfully.
C:\ProgramData\TEMP => ":6A6D4AF4" ADS removed successfully.
C:\ProgramData\TEMP => ":6A9EDD31" ADS removed successfully.
C:\ProgramData\TEMP => ":6AF6BB0E" ADS removed successfully.
C:\ProgramData\TEMP => ":6E6A4F42" ADS removed successfully.
C:\ProgramData\TEMP => ":6E90EDD7" ADS removed successfully.
C:\ProgramData\TEMP => ":757A3049" ADS removed successfully.
C:\ProgramData\TEMP => ":76682252" ADS removed successfully.
C:\ProgramData\TEMP => ":79C6A9CE" ADS removed successfully.
C:\ProgramData\TEMP => ":7A632F57" ADS removed successfully.
C:\ProgramData\TEMP => ":7B8AF9AA" ADS removed successfully.
C:\ProgramData\TEMP => ":7FA0D639" ADS removed successfully.
C:\ProgramData\TEMP => ":80A7A4A5" ADS removed successfully.
C:\ProgramData\TEMP => ":86A7B7DD" ADS removed successfully.
C:\ProgramData\TEMP => ":8967C154" ADS removed successfully.
C:\ProgramData\TEMP => ":8B69E3C3" ADS removed successfully.
C:\ProgramData\TEMP => ":8FC568E1" ADS removed successfully.
C:\ProgramData\TEMP => ":92CA7E75" ADS removed successfully.
C:\ProgramData\TEMP => ":993185CB" ADS removed successfully.
C:\ProgramData\TEMP => ":9D91E651" ADS removed successfully.
C:\ProgramData\TEMP => ":A6A65B80" ADS removed successfully.
C:\ProgramData\TEMP => ":ACCEFF0E" ADS removed successfully.
C:\ProgramData\TEMP => ":ACCFA538" ADS removed successfully.
C:\ProgramData\TEMP => ":B790962B" ADS removed successfully.
C:\ProgramData\TEMP => ":BB718C46" ADS removed successfully.
C:\ProgramData\TEMP => ":BDDA21B6" ADS removed successfully.
C:\ProgramData\TEMP => ":BEAA72E0" ADS removed successfully.
C:\ProgramData\TEMP => ":C3899C0B" ADS removed successfully.
C:\ProgramData\TEMP => ":C45094A1" ADS removed successfully.
C:\ProgramData\TEMP => ":C695B256" ADS removed successfully.
C:\ProgramData\TEMP => ":C8E3A625" ADS removed successfully.
C:\ProgramData\TEMP => ":C900B47A" ADS removed successfully.
C:\ProgramData\TEMP => ":C9BC8592" ADS removed successfully.
C:\ProgramData\TEMP => ":CA400C1B" ADS removed successfully.
C:\ProgramData\TEMP => ":CAB0171A" ADS removed successfully.
C:\ProgramData\TEMP => ":CC7382F6" ADS removed successfully.
C:\ProgramData\TEMP => ":CE506F23" ADS removed successfully.
C:\ProgramData\TEMP => ":CE707633" ADS removed successfully.
C:\ProgramData\TEMP => ":CF391C0F" ADS removed successfully.
C:\ProgramData\TEMP => ":D254266B" ADS removed successfully.
C:\ProgramData\TEMP => ":D61EB62D" ADS removed successfully.
C:\ProgramData\TEMP => ":DAB09BDB" ADS removed successfully.
C:\ProgramData\TEMP => ":DE2B4CCA" ADS removed successfully.
C:\ProgramData\TEMP => ":DE3ABE3D" ADS removed successfully.
C:\ProgramData\TEMP => ":DF7A2D3E" ADS removed successfully.
C:\ProgramData\TEMP => ":E2295807" ADS removed successfully.
C:\ProgramData\TEMP => ":E4FD113F" ADS removed successfully.
C:\ProgramData\TEMP => ":E94FA418" ADS removed successfully.
C:\ProgramData\TEMP => ":EB5BDBB0" ADS removed successfully.
C:\ProgramData\TEMP => ":ED6B6C83" ADS removed successfully.
C:\ProgramData\TEMP => ":EE69D7DF" ADS removed successfully.
C:\ProgramData\TEMP => ":F18C0087" ADS removed successfully.
C:\ProgramData\TEMP => ":F4362715" ADS removed successfully.
C:\ProgramData\TEMP => ":F52DB269" ADS removed successfully.
C:\ProgramData\TEMP => ":F53B274A" ADS removed successfully.
C:\ProgramData\TEMP => ":F6910DB1" ADS removed successfully.
C:\ProgramData\TEMP => ":F6CDA594" ADS removed successfully.
C:\ProgramData\TEMP => ":FBA79096" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4F6D03C-127C-4C38-A309-AF0DFFAD1D1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4F6D03C-127C-4C38-A309-AF0DFFAD1D1E}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\17659182.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\17659182.sys" => Key deleted successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 479.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Hi Geordie, 
 
Please provide an update on your computer after completing the steps below. Are there any outstanding issues?
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[s0].txt
  • JRT.txt
  • Are there any outstanding issues?

# AdwCleaner v3.311 - Report created 30/10/2014 at 05:36:50
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Geordie - EXEC-2
# Running from : C:\Users\Geordie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AlawarEntertainment
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Users\Geordie\AppData\Roaming\quickclick
Folder Deleted : C:\Users\Geordie\AppData\Roaming\AlawarEntertainment
Folder Deleted : C:\Users\Geordie\Documents\PC Speed Maximizer

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Google Chrome v

[ File : C:\Users\Geordie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1485 octets] - [30/10/2014 05:33:23]
AdwCleaner[s0].txt - [1293 octets] - [30/10/2014 05:36:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1353 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Professional x64
Ran by Geordie on Thu 10/30/2014 at  5:43:32.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/30/2014 at  5:45:31.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi Geordie, 
 
Lets check for remnants, and confirm your machine appears free of malware. 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List found threats. If no threats were found, skip the next two bullet points. 
  • Click Export and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to the option to uninstall the application on close, then close the scanner.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log

****************
* MBAM log *
****************

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/30/2014
Scan Time: 6:28:16 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.30.13
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Geordie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339111
Time Elapsed: 14 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
****************
* ESET log *
***************
C:\FRST\Quarantine\C\Program Files\pcmax\pcmax.exe a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\FRST\Quarantine\C\Program Files\pcmax\service.exe Win32/Conduit.SearchProtect.T potentially unwanted application
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\temp\white.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\temp\white2.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\Geordie\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Looks good. 

We need to update your vulnerable software to reduce the risk of reinfection.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\temp\launcher.exe
    C:\temp\white.exe
    C:\temp\white2.exe
    C:\Users\Geordie\Downloads\CuteWriter.exe
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader X (10.1.9)
    • Adobe Shockwave Player 11.6
    • Java 7 Update 55 
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?
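STEP 3 and STEP 4 above are done by hand in appwiz.cpl and the Java Control Panel. An added example, written for this thread and not part of the original post, does the same lookup from PowerShell: it reads the Uninstall registry keys that appwiz.cpl is built from (64-bit view, WOW6432Node view and the per-user hive, since Java and Adobe builds can land in any of them), lists the matching products with version and uninstall command, and then reports whether the Java browser plug-in has been switched off. The product-name patterns are taken from the post; the check for the plug-in reads the deployment.webjava.enabled setting that the Java Control Panel writes to the user's deployment.properties file, which is the only assumption beyond the post. PowerShell 3.0 or later is needed for the [pscustomobject] syntax.

```powershell
# Added example (not from the thread): the PowerShell view of what
# STEP 3 and STEP 4 ask you to do by hand. Requires PowerShell 3.0+.

# appwiz.cpl is populated from these three locations.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Display-name patterns for the products named in STEP 3 of the post.
$patterns = @('^Adobe Reader', '^Adobe Shockwave Player', '^Java \d')

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $entry = $_
        $name  = $entry.DisplayName
        $hit   = $patterns | Where-Object { $name -match $_ }
        if ($hit) {
            [pscustomobject]@{
                DisplayName     = $name
                DisplayVersion  = $entry.DisplayVersion
                InstallDate     = $entry.InstallDate
                UninstallString = $entry.UninstallString
                Key             = $entry.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
    } | Sort-Object DisplayName

if (-not $installed) {
    Write-Output 'None of the programmes listed in STEP 3 are installed.'
} else {
    Write-Output 'Programmes from STEP 3 still installed:'
    $installed | Format-Table DisplayName, DisplayVersion, InstallDate, UninstallString -AutoSize -Wrap
}

# STEP 4 check: the Java Control Panel records "Enable Java content in the
# browser" as deployment.webjava.enabled in the per-user deployment.properties
# (assumed path and key name; both are Oracle's documented defaults).
$deploy = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
if (Test-Path -LiteralPath $deploy) {
    $setting = Select-String -LiteralPath $deploy -Pattern '^deployment\.webjava\.enabled=' |
        Select-Object -First 1
    if ($setting -and $setting.Line -match '=false\s*$') {
        Write-Output 'Java browser plug-in: disabled (deployment.webjava.enabled=false)'
    } else {
        Write-Output 'Java browser plug-in: still enabled, or never set; complete STEP 4'
    }
} else {
    Write-Output "No deployment.properties found at $deploy (Java may be absent or never configured)"
}
```

For MSI-packaged products the UninstallString column is of the form MsiExec.exe /X{product-code}; appending /qn runs that removal silently, which is handy when several old Java updates are present side by side.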

Adam, 

No outstanding issues, though I wonder if I may just delete by hand the files quarantined by FRST.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Geordie at 2014-10-31 06:01:46 Run:2
Running from C:\Users\Geordie\Desktop
Loaded Profile: Geordie (Available profiles: Geordie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\temp\launcher.exe
C:\temp\white.exe 
C:\temp\white2.exe 
C:\Users\Geordie\Downloads\CuteWriter.exe
EmptyTemp:
end
*****************
 
C:\temp\launcher.exe => Moved successfully.
C:\temp\white.exe => Moved successfully.
C:\temp\white2.exe => Moved successfully.
C:\Users\Geordie\Downloads\CuteWriter.exe => Moved successfully.
EmptyTemp: => Removed 81.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Hi Geordie, 
 
Running DelFix as instructed below will permanently delete the files quarantined by FRST.

 

Now for the good news!

 

----------------
 
All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if ComboFix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoLocker), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)
Adam (LiquidTension).

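The Security Check log posted above flagged "UAC is disabled!" and reported contradictory firewall states, and the DelFix step is expected to re-enable UAC, reset system settings and remove the disinfection tools. The following script is an added example, not part of the original thread or of any of the tools it mentions, that a practitioner can run afterwards from an elevated PowerShell prompt (PowerShell 3.0 or later is assumed) to verify those three outcomes independently. The tool and quarantine paths (C:\FRST, C:\ComboFix, C:\Qoobox and the two Desktop executables) are assumptions about where the tools normally live, not paths stated on the page.

```powershell
# Added post-cleanup verification example (not from the original thread).
# Checks: (1) UAC is on and not set to silent elevation, (2) every Windows
# Firewall profile is ON, (3) the disinfection tools/quarantine folders are gone.
# Run as Administrator. Assumes PowerShell 3.0+ (for [pscustomobject]).

function Get-UacState {
    # EnableLUA=1 turns UAC on; ConsentPromptBehaviorAdmin=0 means admins are
    # elevated silently, which leaves UAC nominally enabled but ineffective.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -Name EnableLUA, ConsentPromptBehaviorAdmin -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EnableLUA   = [int]$p.EnableLUA
        AdminPrompt = [int]$p.ConsentPromptBehaviorAdmin
        Healthy     = ([int]$p.EnableLUA -eq 1 -and [int]$p.ConsentPromptBehaviorAdmin -ne 0)
    }
}

function Get-FirewallProfileState {
    # netsh is used rather than Get-NetFirewallProfile because the latter
    # needs Windows 8 / Server 2012 or later; the machine in this thread is Windows 7.
    $out = netsh advfirewall show allprofiles state
    $profile = $null
    foreach ($line in $out) {
        if ($line -match '^(\w+) Profile Settings:') {
            $profile = $Matches[1]
        } elseif ($profile -and $line -match '^State\s+(\w+)') {
            [pscustomobject]@{ Profile = $profile; State = $Matches[1] }
        }
    }
}

function Test-ToolsRemoved {
    # Assumed locations (hypothetical for this example): FRST keeps its
    # quarantine under C:\FRST, ComboFix under C:\ComboFix and C:\Qoobox.
    $paths = @(
        'C:\FRST',
        'C:\ComboFix',
        'C:\Qoobox',
        (Join-Path $env:USERPROFILE 'Desktop\FRST64.exe'),
        (Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe')
    )
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; StillPresent = (Test-Path -LiteralPath $p) }
    }
}

$uac = Get-UacState
if (-not $uac.Healthy) {
    Write-Warning ("UAC is off or elevates silently (EnableLUA={0}, ConsentPromptBehaviorAdmin={1})" -f $uac.EnableLUA, $uac.AdminPrompt)
}

Get-FirewallProfileState |
    Where-Object { $_.State -ne 'ON' } |
    ForEach-Object { Write-Warning ("{0} firewall profile is {1}" -f $_.Profile, $_.State) }

Test-ToolsRemoved |
    Where-Object { $_.StillPresent } |
    ForEach-Object { Write-Warning ("Leftover disinfection artefact: {0}" -f $_.Path) }
```

A silent run means all three checks passed. Any leftover path it reports can be deleted by hand, as the post above says; a UAC warning after DelFix has run means the "Activate UAC" option did not take effect and the registry value should be set back to 1 manually before the machine is considered clean.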

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

