Jump to content

Malicious Website Blocked SysWOW64\svchost.exe


Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply....

 

Thaks,

 

Kevin

Link to post
Share on other sites

Here's the combofix results

 

ComboFix 14-11-15.01 - Kim 11/14/2014  18:03:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1637 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\4PxPlo.jpg
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\b37laYjY7.jpg
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\X17yk.jpg
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\y1B3BY.jpg
c:\users\Kim\AppData\Roaming\GetValue.vbs
c:\users\Kim\GoToAssistDownloadHelper.exe
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\
.
(((((((((((((((((((((((((   Files Created from 2014-10-14 to 2014-11-14  )))))))))))))))))))))))))))))))
.
.
2014-11-14 23:46 . 2014-11-14 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-14 21:44 . 2014-11-14 21:48 -------- d-----w- c:\windows\SysWow64\vbox
2014-11-14 21:44 . 2014-11-14 21:48 -------- d-----w- c:\windows\system32\vbox
2014-11-14 21:40 . 2014-11-14 22:41 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-14 21:37 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-14 21:37 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-14 21:37 . 2014-11-14 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-14 21:36 . 2014-11-14 21:36 -------- d-----w- c:\users\Kim\AppData\Local\Programs
2014-11-14 20:59 . 2014-11-14 20:59 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-14 20:59 . 2014-11-14 20:59 43152 ----a-w- c:\windows\avastSS.scr
2014-11-14 13:20 . 2014-11-14 23:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF2FBE18-59FE-4B8F-BBCD-7195A6E1E8A4}\offreg.dll
2014-11-14 05:43 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-14 05:43 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-14 05:43 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-11-14 05:43 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-11-14 05:43 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-14 05:43 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-14 05:43 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-14 05:43 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-11-14 05:43 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-11-14 05:43 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-14 05:43 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-14 05:43 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-14 05:43 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-11-14 05:37 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-14 05:37 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-14 05:37 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-14 05:37 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-14 05:36 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-14 05:36 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-14 05:36 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-14 05:27 . 2010-04-12 22:29 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-11-14 05:27 . 2010-04-12 22:29 411368 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2014-11-13 13:01 . 2014-11-13 13:01 -------- d-sh--w- c:\users\Kim\AppData\Local\EmieBrowserModeList
2014-11-12 14:04 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 14:04 . 2014-11-06 02:21 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-11 14:02 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF2FBE18-59FE-4B8F-BBCD-7195A6E1E8A4}\mpengine.dll
2014-10-31 22:08 . 2014-10-31 22:08 -------- d-----w- c:\program files (x86)\Coupons
2014-10-16 14:47 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 14:47 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 14:47 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 14:47 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 14:47 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 14:47 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 14:47 . 2014-09-25 22:32 2017280 ----a-w- c:\windows\SysWow64\inetcpl(30).cpl
2014-10-16 14:46 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-10-16 14:46 . 2014-08-29 01:44 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-10-16 14:46 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-16 14:46 . 2014-08-29 01:44 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-10-16 14:46 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-10-16 14:46 . 2014-08-29 02:07 322560 ----a-w- c:\windows\system32\aaclient.dll
2014-10-16 14:46 . 2014-08-29 02:06 1125888 ----a-w- c:\windows\system32\mstsc.exe
2014-10-16 14:46 . 2014-08-29 02:07 5780480 ----a-w- c:\windows\system32\mstscax.dll
2014-10-16 14:46 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-16 14:45 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-16 14:45 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-16 14:45 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2014-10-16 14:45 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-16 14:45 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2014-10-16 14:45 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-16 14:45 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2014-10-16 14:45 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 20:59 . 2014-07-19 16:58 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-14 20:59 . 2014-07-19 16:54 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-14 20:59 . 2011-06-12 17:33 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-14 20:59 . 2014-07-19 16:58 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-14 20:59 . 2014-07-19 16:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-14 20:59 . 2011-06-12 17:33 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-14 20:59 . 2012-10-07 23:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-14 20:58 . 2011-06-12 17:33 1050432 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-14 08:16 . 2012-05-09 07:11 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-12 00:57 . 2012-10-07 23:23 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 00:57 . 2011-12-14 23:56 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-28 10:34 . 2011-06-12 17:49 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 16:11 . 2010-11-22 17:12 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 15:52 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 15:52 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 16:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 16:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-03 17:35 . 2014-05-19 21:56 444912 ----a-w- c:\windows\CouponPrinter.ocx
2014-09-03 17:35 . 2014-05-19 21:58 659440 ----a-w- c:\windows\couponprinter_x64.ocx
2014-08-29 16:53 . 2010-06-24 15:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 22:21 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 22:21 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-09-27 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-14 5225064]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2014-6-16 6515528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 13:39 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 00:57]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 00:06]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-14 20:59 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2014-06-16 16:10 6487880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2014-06-16 16:10 6487880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\ptanzvco.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-14  18:51:39
ComboFix-quarantined-files.txt  2014-11-14 23:51
.
Pre-Run: 359,900,454,912 bytes free
Post-Run: 369,229,410,304 bytes free
.
- - End Of File - - 26541809DF27546954BAFB3F78765E68
5C616939100B85E558DA92B899A0FC36
Link to post
Share on other sites

Here's malwarebytes logs

 

<?xml version="1.0" encoding="UTF-16"?>
 
-<mbam-log>
 
 
-<header>
 
<date>2014/11/14 16:40:42 -0500</date>
 
<logfile>mbam-log-2014-11-14 (16-40-35).xml</logfile>
 
<isadmin>yes</isadmin>
 
</header>
 
 
-<engine>
 
<version>2.00.3.1025</version>
 
<malware-database>v2014.11.14.10</malware-database>
 
<rootkit-database>v2014.11.12.01</rootkit-database>
 
<license>trial</license>
 
<file-protection>enabled</file-protection>
 
<web-protection>enabled</web-protection>
 
<self-protection>disabled</self-protection>
 
</engine>
 
 
-<system>
 
<osversion>Windows 7 Service Pack 1</osversion>
 
<arch>x64</arch>
 
<username>Kim</username>
 
<filesys>NTFS</filesys>
 
</system>
 
 
-<summary>
 
<type>threat</type>
 
<result>completed</result>
 
<objects>337867</objects>
 
<time>2158</time>
 
<processes>0</processes>
 
<modules>0</modules>
 
<keys>0</keys>
 
<values>0</values>
 
<datas>0</datas>
 
<folders>0</folders>
 
<files>1</files>
 
<sectors>0</sectors>
 
</summary>
 
 
-<options>
 
<memory>enabled</memory>
 
<startup>enabled</startup>
 
<filesystem>enabled</filesystem>
 
<archives>enabled</archives>
 
<rootkits>disabled</rootkits>
 
<deeprootkit>disabled</deeprootkit>
 
<heuristics>enabled</heuristics>
 
<pup>enabled</pup>
 
<pum>enabled</pum>
 
</options>
 
 
-<items>
 
 
-<file>
 
<path>C:\Users\Kim\Dropbox\ubcd528.exe</path>
 
<vendor>PUP.Optional.OpenCandy</vendor>
 
<action>success</action>
 
<hash>852d7cbfd3a960d6e7793b3317eede22</hash>
 
</file>
 
</items>
 
</mbam-log>
Link to post
Share on other sites

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Kim (administrator) on KIMPLUMLAPTOP on 14-11-2014 20:19:44
Running from C:\Users\Kim\Desktop
Loaded Profile: Kim (Available profiles: Kim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-14] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL = 
SearchScopes: HKCU - {0AAB0E89-9D44-4003-A770-76DED818C71F} URL = 
SearchScopes: HKCU - {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\ptanzvco.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-06-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-07]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-07]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-02-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-09-29] (Mozy, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2010-02-02] (Creative Labs) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38224 2010-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 20:19 - 2014-11-14 20:20 - 00023349 _____ () C:\Users\Kim\Desktop\FRST.txt
2014-11-14 20:19 - 2014-11-14 20:19 - 00000000 ____D () C:\FRST
2014-11-14 20:17 - 2014-11-14 20:17 - 02116608 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2014-11-14 19:06 - 2014-11-14 19:06 - 00000247 _____ () C:\Windows\system32\2014-11-15-00-06-00.011-aswFe.exe-7216.log
2014-11-14 18:58 - 2014-11-14 19:05 - 00000247 _____ () C:\Windows\system32\2014-11-14-23-58-32.009-aswFe.exe-1848.log
2014-11-14 18:58 - 2014-11-14 18:58 - 00000197 _____ () C:\Windows\system32\2014-11-14-23-58-26.007-AvastVBoxSVC.exe-8832.log
2014-11-14 18:51 - 2014-11-14 18:51 - 00029728 _____ () C:\ComboFix.txt
2014-11-14 18:50 - 2014-11-14 18:50 - 00000197 _____ () C:\Windows\system32\2014-11-14-23-50-33.000-AvastVBoxSVC.exe-4416.log
2014-11-14 18:18 - 2014-11-14 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-14 18:18 - 2011-02-04 18:50 - 00001120 _____ () C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
2014-11-14 18:18 - 2010-02-21 16:21 - 00002016 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-11-14 18:18 - 2010-02-21 16:17 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
2014-11-14 18:18 - 2010-02-21 16:17 - 00000997 _____ () C:\Users\Public\Desktop\Acrobat_com.lnk
2014-11-14 18:18 - 2010-02-21 03:03 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-11-14 18:18 - 2010-02-09 17:20 - 00002429 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-14 18:18 - 2010-02-09 17:18 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-14 18:18 - 2010-02-09 16:54 - 00001979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
2014-11-14 18:18 - 2010-02-02 17:05 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-11-14 18:18 - 2010-02-02 17:05 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-11-14 18:18 - 2010-02-02 15:58 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-14 18:18 - 2010-02-02 15:31 - 00002084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
2014-11-14 18:18 - 2010-02-02 15:30 - 00001860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
2014-11-14 18:18 - 2010-02-02 15:19 - 00002557 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-11-14 18:18 - 2009-07-14 00:01 - 00001282 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2014-11-14 18:18 - 2009-07-13 23:57 - 00001352 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2014-11-14 18:18 - 2009-07-13 23:57 - 00001330 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2014-11-14 18:18 - 2009-07-13 23:57 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2014-11-14 18:18 - 2009-07-13 23:54 - 00001210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2014-11-14 18:18 - 2009-07-13 23:49 - 00001266 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2014-11-14 18:16 - 2014-11-14 18:16 - 00000197 _____ () C:\Windows\system32\2014-11-14-23-16-32.016-AvastVBoxSVC.exe-4764.log
2014-11-14 18:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-14 18:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-14 18:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-14 17:58 - 2014-11-14 18:51 - 00000000 ____D () C:\Qoobox
2014-11-14 17:54 - 2014-11-14 18:49 - 00000000 ____D () C:\Windows\erdnt
2014-11-14 17:44 - 2014-11-14 17:52 - 05598504 ____R (Swearware) C:\Users\Kim\Desktop\ComboFix.exe
2014-11-14 16:44 - 2014-11-14 16:48 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-14 16:44 - 2014-11-14 16:48 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-14 16:40 - 2014-11-14 17:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 16:38 - 2014-11-14 16:38 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-14 16:38 - 2014-11-14 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-14 16:37 - 2014-11-14 16:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-14 16:37 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 16:37 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-14 16:01 - 2014-11-14 16:01 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-14 16:00 - 2014-11-14 16:00 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 15:59 - 2014-11-14 15:59 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-14 15:59 - 2014-11-14 15:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-14 00:44 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-14 00:44 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-14 00:44 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-14 00:44 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-14 00:44 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-14 00:44 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-14 00:44 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-14 00:44 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-14 00:44 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-14 00:44 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-14 00:44 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-14 00:44 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-14 00:44 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-14 00:44 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-14 00:44 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-14 00:44 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-14 00:44 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-14 00:44 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-14 00:44 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-14 00:44 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-14 00:44 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-14 00:44 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-14 00:44 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-14 00:44 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-14 00:44 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-14 00:44 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-14 00:44 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-14 00:44 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-14 00:44 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-14 00:44 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-14 00:44 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-14 00:44 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-14 00:44 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-14 00:44 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-14 00:44 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-14 00:44 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-14 00:44 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-14 00:44 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-14 00:44 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-14 00:44 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-14 00:44 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-14 00:44 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-14 00:44 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-14 00:44 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-14 00:44 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-14 00:44 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-14 00:44 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-14 00:44 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-14 00:44 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-14 00:44 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-14 00:44 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-14 00:44 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-14 00:44 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-14 00:44 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-14 00:44 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-14 00:44 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-14 00:44 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-14 00:44 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-14 00:44 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-14 00:44 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 00:44 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 00:44 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 00:44 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 00:44 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-14 00:44 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-14 00:44 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-14 00:43 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 00:43 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-14 00:43 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-14 00:43 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 00:43 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 00:43 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-14 00:43 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-14 00:43 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 00:43 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-14 00:42 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-14 00:37 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 00:37 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-14 00:37 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-14 00:37 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-14 00:36 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 00:36 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-14 00:36 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-14 00:27 - 2010-04-12 17:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2014-11-14 00:27 - 2010-04-12 17:29 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2014-11-14 00:27 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2014-11-14 00:27 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2014-11-14 00:26 - 2014-11-14 00:27 - 00003297 _____ () C:\Windows\SysWOW64\jupdate-1.6.0_20-b02.log
2014-11-13 08:01 - 2014-11-13 08:01 - 00000000 __SHD () C:\Users\Kim\AppData\Local\EmieBrowserModeList
2014-11-12 09:04 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:04 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-31 17:08 - 2014-10-31 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-10-31 17:08 - 2014-10-31 17:08 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-10-31 16:47 - 2014-10-31 16:47 - 00000703 _____ () C:\Users\Kim\Downloads\MyFireMountainGemsCart_10-31-2014.csv
2014-10-16 09:47 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl(30).cpl
2014-10-16 09:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 09:46 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 09:46 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 09:46 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 09:46 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 09:46 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 09:45 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:45 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:45 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:45 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:45 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:45 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:45 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:45 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 20:17 - 2011-12-14 18:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 19:57 - 2012-10-07 18:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 19:38 - 2009-07-14 00:10 - 01079973 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 18:51 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2014-11-14 18:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-14 18:44 - 2010-02-09 16:54 - 00000000 ____D () C:\Users\Kim
2014-11-14 18:19 - 2010-11-22 14:46 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-14 18:18 - 2012-10-07 21:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-14 18:18 - 2011-02-04 18:50 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
2014-11-14 18:18 - 2010-11-22 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2014-11-14 18:18 - 2010-02-02 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2014-11-14 18:18 - 2010-02-02 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
2014-11-14 18:18 - 2010-02-02 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-11-14 18:18 - 2010-02-02 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2014-11-14 18:18 - 2010-02-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-11-14 18:18 - 2010-02-02 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-11-14 18:18 - 2010-02-02 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-11-14 18:18 - 2010-02-02 15:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2014-11-14 18:18 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-14 18:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 18:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 17:50 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 17:50 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 17:44 - 2011-10-15 12:27 - 00000000 ___RD () C:\Users\Kim\Dropbox
2014-11-14 17:44 - 2011-10-15 12:25 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\Dropbox
2014-11-14 17:43 - 2011-10-15 12:27 - 00001020 _____ () C:\Users\Kim\Desktop\Dropbox.lnk
2014-11-14 17:43 - 2011-10-15 12:26 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 17:43 - 2009-07-14 00:13 - 00799546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 17:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 17:39 - 2009-07-13 23:51 - 00045901 _____ () C:\Windows\setupact.log
2014-11-14 17:38 - 2010-02-02 17:01 - 00773988 _____ () C:\Windows\PFRO.log
2014-11-14 17:38 - 2009-07-14 02:45 - 00000000 ____D () C:\Windows\ShellNew
2014-11-14 16:37 - 2010-11-22 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 16:32 - 2011-12-14 18:57 - 00000000 ____D () C:\Program Files\Google
2014-11-14 16:32 - 2011-12-14 18:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-14 16:14 - 2011-12-14 18:57 - 00000000 ____D () C:\Users\Kim\AppData\Local\Google
2014-11-14 16:14 - 2011-12-14 18:57 - 00000000 ____D () C:\ProgramData\Google
2014-11-14 15:59 - 2014-07-19 11:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-14 15:59 - 2014-07-19 11:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-14 15:59 - 2014-07-19 11:54 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-14 15:59 - 2014-07-19 11:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-14 15:59 - 2012-10-07 18:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-14 15:59 - 2011-06-12 12:33 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-14 15:59 - 2011-06-12 12:33 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-14 15:58 - 2011-06-12 12:33 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-14 13:01 - 2011-09-29 09:50 - 00003378 _____ () C:\Windows\mozy.flt
2014-11-14 13:01 - 2011-09-29 09:50 - 00002818 _____ () C:\Windows\mozy.blk
2014-11-14 10:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-14 05:12 - 2011-12-14 18:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 05:12 - 2011-12-14 18:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 05:12 - 2011-12-14 18:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 05:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 04:27 - 2009-07-13 23:45 - 00334976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 04:22 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 03:36 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 03:16 - 2012-05-09 02:11 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 00:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-14 00:27 - 2010-02-02 15:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 00:23 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-14 00:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-11 19:57 - 2012-10-07 18:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 19:57 - 2012-10-07 18:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 19:57 - 2011-12-14 18:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-31 18:46 - 2014-06-20 15:12 - 00028672 _____ () C:\Users\Kim\Documents\2014businesstracking.xls
2014-10-28 05:34 - 2011-06-12 12:49 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-06 22:02
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Kim at 2014-11-14 20:20:43
Running from C:\Users\Kim\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
5700_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997025392.48.56.6032618 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HP Driver Diagnostics (HKLM-x32\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company)
HP Officejet J5700 Series (HKLM\...\{F2F8F16F-253E-4846-B508-8666FE2C5B14}) (Version: 13.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
J5700_Basic (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Java 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}) (Version: 1.0.0.5 - Absolute Software Corporation)
LoJack Factory Installer (x32 Version: 1.0.0.5 - Absolute Software Corporation) Hidden
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox (3.6.12) (HKLM-x32\...\Mozilla Firefox (3.6.12)) (Version: 3.6.12 (en-US) - Mozilla)
MozyHome (HKLM\...\{A24583BD-E141-ED96-B241-A3941641A7EB}) (Version: 2.26.4.395 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}) (Version: 3.2.9502 - OpenOffice.org)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Sound Blaster X-Fi MB (HKLM-x32\...\{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}) (Version: 1.0 - Creative Technology Limited)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-11-2014 08:00:49 Windows Update
14-11-2014 04:39:03 avast! antivirus system restore point
14-11-2014 05:18:11 Installed Java 6 Update 20
14-11-2014 08:02:56 Windows Update
14-11-2014 13:22:45 Windows Update
14-11-2014 20:53:04 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-11-14 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {158D0CF8-71B5-4B93-BC4F-A68F43252ECF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2EAAABBF-6130-4C5F-9E3A-BF43E695863F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {53878F62-9A31-4A21-9D02-53F01D016484} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {C4A875C3-6F7D-4FF8-B7A2-F0927B3FC8AB} - System32\Tasks\DH4G7LL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {D393039C-869C-44B5-B907-F4BFDB05BC3B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-02-02 15:12 - 2009-07-16 20:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-02-02 15:12 - 2009-07-16 20:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-02-02 15:17 - 2009-06-23 17:02 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2010-02-02 15:17 - 2009-07-22 09:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-10-17 02:48 - 2014-10-17 02:48 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2014-11-14 15:58 - 2014-11-14 15:58 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-14 15:58 - 2014-11-14 15:58 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-14 13:37 - 2014-11-14 13:37 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111400\algo.dll
2014-11-14 15:58 - 2014-11-14 15:58 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-02 15:28 - 2009-09-17 14:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-02-02 15:28 - 2009-09-17 14:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 13:05 - 2009-09-11 13:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-11-14 15:59 - 2014-11-14 15:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Kim\Desktop\Photos:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1105775580-4205987658-3193769944-500 - Administrator - Disabled)
Guest (S-1-5-21-1105775580-4205987658-3193769944-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1105775580-4205987658-3193769944-1002 - Limited - Enabled)
Kim (S-1-5-21-1105775580-4205987658-3193769944-1001 - Administrator - Enabled) => C:\Users\Kim
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2014 01:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc96f
Faulting module name: Flash32_15_0_0_223.ocx, version: 15.0.0.223, time stamp: 0x544ecba4
Exception code: 0xc0000005
Fault offset: 0x0064d812
Faulting process id: 0x397c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/14/2014 11:19:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20ec
 
Start Time: 01d0002441b4c230
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: KimPlumLaptop)
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2754670)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: KimPlumLaptop)
Description: Product: Microsoft Works -- Error 1706.No valid source could be found for product Microsoft Works.  The Windows installer cannot continue.
 
Error: (11/14/2014 08:22:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1105775580-4205987658-3193769944-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2a578dc7-ea05-4edb-8243-cca4a621a4ad}
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: KimPlumLaptop)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: KimPlumLaptop)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: KimPlumLaptop)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\Kim\ntuser.dat
 
Error: (11/14/2014 00:37:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc5e1
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x3970
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (11/14/2014 07:22:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (11/14/2014 06:48:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/14/2014 06:43:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/14/2014 06:18:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/14/2014 05:41:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/14/2014 05:40:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/14/2014 04:41:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/14/2014 04:39:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (11/14/2014 04:35:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/14/2014 04:35:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/14/2014 01:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174204a5bc96fFlash32_15_0_0_223.ocx15.0.0.223544ecba4c00000050064d812397c01d0003a1c57d0ffC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_223.ocx3cc40ddb-6c2e-11e4-adec-0026b91134f6
 
Error: (11/14/2014 11:19:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1742020ec01d0002441b4c2300C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: KimPlumLaptop)
Description: Microsoft WorksSecurity Update for Microsoft Works 9 (KB2754670)1603(NULL)(NULL)(NULL)
 
Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: KimPlumLaptop)
Description: Product: Microsoft Works -- Error 1706.No valid source could be found for product Microsoft Works.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/14/2014 08:22:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1105775580-4205987658-3193769944-1001.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2a578dc7-ea05-4edb-8243-cca4a621a4ad}
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: KimPlumLaptop)
Description: 
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: KimPlumLaptop)
Description: 
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: KimPlumLaptop)
Description: The process cannot access the file because it is being used by another process.
 
Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\Kim\ntuser.dat
 
Error: (11/14/2014 00:37:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc5e1MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765397001cfffccdccd94eeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll62b813fd-6bc0-11e4-8ef0-0026b91134f6
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-14 18:43:58.655
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-14 18:43:58.328
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-22 16:23:46.993
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-22 16:23:46.696
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-11-22 15:26:03.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-11-22 15:16:38.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-11-22 14:59:28.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 63%
Total physical RAM: 3892.52 MB
Available physical RAM: 1430.86 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 4970.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:339.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CF5AC2F0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select FULL Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

 

 

Fixlist.txt

Link to post
Share on other sites

fixlist.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Kim at 2014-11-15 10:13:54 Run:1
Running from C:\Users\Kim\Desktop
Loaded Profile: Kim (Available profiles: Kim)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
C:\Windows\UpdReg.EXE
HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL = 
SearchScopes: HKCU - {0AAB0E89-9D44-4003-A770-76DED818C71F} URL = 
SearchScopes: HKCU - {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Kim\Desktop\Photos:com.dropbox.attributes
EmptyTemp:
End
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value deleted successfully.
C:\Windows\UpdReg.EXE => Moved successfully.
"HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AAB0E89-9D44-4003-A770-76DED818C71F}" => Key deleted successfully.
"HKCR\CLSID\{0AAB0E89-9D44-4003-A770-76DED818C71F}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DB6796A-EB0D-4822-87CE-045F86802EBB}" => Key deleted successfully.
"HKCR\CLSID\{0DB6796A-EB0D-4822-87CE-045F86802EBB}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
C:\Program Files (x86)\Coupons => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons => Moved successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"C:\Users\Kim\Desktop\Photos" => ":com.dropbox.attributes" ADS not found.
EmptyTemp: => Removed 3.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
on to next step
Link to post
Share on other sites

malwarebytes log from clipboard:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/15/2014
Scan Time: 11:06:26 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.15.05
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338207
Time Elapsed: 11 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.SoftThinks.A, C:\Users\Default\AppData\Local\SoftThinks, Quarantined, [89888fad83f9f0466fb6e2513ec50df3], 
PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks, Quarantined, [001153e94a322f077ca95ad9c63d31cf], 
PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks\Profiles, Quarantined, [001153e94a322f077ca95ad9c63d31cf], 
 
Files: 3
PUP.Optional.SoftThinks.A, C:\Users\Default\AppData\Local\SoftThinks\scheduler.xml, Quarantined, [89888fad83f9f0466fb6e2513ec50df3], 
PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks\scheduler.xml, Quarantined, [001153e94a322f077ca95ad9c63d31cf], 
PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks\Profiles\Profil1.xml, Quarantined, [001153e94a322f077ca95ad9c63d31cf], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
on to adwcleaner
Link to post
Share on other sites

adwcleaner log:

 

# AdwCleaner v4.101 - Report created 15/11/2014 at 11:28:24
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kim - KIMPLUMLAPTOP
# Running from : C:\Users\Kim\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\365sweetswaps.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\truedelta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\viewpoints.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.viewpoints.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v3.6.12 (en-US)
 
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [2655 octets] - [15/11/2014 11:25:13]
AdwCleaner[s0].txt - [2588 octets] - [15/11/2014 11:28:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2648 octets] ##########
  on to Junkware removal toll step
Link to post
Share on other sites

JRT removal log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.8 (11.15.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kim on Sat 11/15/2014 at 11:40:26.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/15/2014 at 11:46:33.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
on to the Microsoft tool step
Link to post
Share on other sites

MS Malicious Software Removal Tool log

 

 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
Started On Wed May 09 03:11:42 2012
->Scan ERROR: resource process://pid:5104 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 09 03:13:29 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
Started On Wed Jun 13 03:07:15 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 03:09:20 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
Started On Thu Jul 12 03:02:54 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 12 03:04:36 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
Started On Thu Aug 16 03:00:54 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 03:03:06 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Thu Sep 13 03:00:43 2012
->Scan ERROR: resource process://pid:6384 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:6356 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 13 03:02:42 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
Started On Thu Oct 11 03:04:02 2012
->Scan ERROR: resource process://pid:1520 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5964 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:5700 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 11 03:05:39 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
Started On Fri Nov 16 03:02:02 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 16 03:03:45 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Wed Dec 12 03:03:13 2012
->Scan ERROR: resource process://pid:3200 (code 0x00000005 (5))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 03:04:52 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 03:03:47 2013
->Scan ERROR: resource process://pid:6832 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:06:51 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Thu Feb 14 03:06:57 2013
->Scan ERROR: resource process://pid:5976 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 14 03:09:05 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Thu Mar 14 03:04:47 2013
->Scan ERROR: resource process://pid:10780 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 03:06:33 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Thu Apr 11 03:03:07 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 11 03:05:08 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Thu May 16 03:07:03 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 03:09:15 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 03:03:41 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 03:06:15 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Thu Jul 11 03:12:46 2013
->Scan ERROR: resource process://pid:7984 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 03:14:45 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Wed Aug 14 03:01:21 2013
 
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 14 03:03:14 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Wed Sep 11 03:03:56 2013
 
Engine: 1.1.9800.0
Signatures: 1.157.932.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 11 03:06:27 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Thu Oct 10 03:05:36 2013
 
Engine: 1.1.9901.0
Signatures: 1.159.530.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 10 03:08:04 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Thu Nov 14 03:02:03 2013
 
Engine: 1.1.10003.0
Signatures: 1.161.1618.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 14 03:04:26 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Sun Dec 15 03:01:03 2013
 
Engine: 1.1.10100.0
Signatures: 1.163.1013.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 15 03:02:32 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 03:01:12 2014
 
Engine: 1.1.10201.0
Signatures: 1.165.1273.0
 
Results Summary:
----------------
No infection found.
Failed to submit MAPS report: 0x80004005
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 03:03:56 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sun Feb 16 03:01:34 2014
 
Engine: 1.1.10201.0
Signatures: 1.165.3163.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 03:04:21 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 03:01:13 2014
 
Engine: 1.1.10302.0
Signatures: 1.167.1001.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 03:03:42 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Thu Apr 10 03:01:48 2014
 
Engine: 1.1.10401.0
Signatures: 1.169.1258.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 03:03:48 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Thu May 15 03:02:29 2014
 
Engine: 1.1.10502.0
Signatures: 1.173.1305.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 03:04:58 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Fri Jun 13 03:04:26 2014
 
Engine: 1.1.10600.0
Signatures: 1.175.1113.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 13 03:06:27 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Thu Jul 10 03:03:33 2014
 
Engine: 1.1.10701.0
Signatures: 1.177.949.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 03:05:52 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Fri Aug 15 03:08:46 2014
 
Engine: 1.1.10802.0
Signatures: 1.179.1796.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 15 03:13:25 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Sat Sep 13 03:02:46 2014
 
Engine: 1.1.10904.0
Signatures: 1.183.882.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:07:34 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Fri Oct 17 03:02:06 2014
 
Engine: 1.1.11005.0
Signatures: 1.185.2035.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 17 03:08:45 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Thu Nov 13 03:03:12 2014
 
Engine: 1.1.11104.0
Signatures: 1.187.1116.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 03:08:26 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Fri Nov 14 03:16:58 2014
 
Engine: 1.1.11104.0
Signatures: 1.187.1116.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 14 03:36:07 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Sat Nov 15 11:52:45 2014
 
Engine: 1.1.11104.0
Signatures: 1.187.1116.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 15 13:23:06 2014
 
 
Return code: 0 (0x0)
 
I do not have any problems currently happening with machine.  If you have an idea of what weakness was (avast or firewall settings for example) that would be appreciated.  Otherwise, just if you see something concerning in logs.
 
Thanks,
Mark
Link to post
Share on other sites

Logs are ok, if no remaining issues or concerns run the following to clean up.....

 

Download and run this:

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

That will remove Combofix and associated folders...
 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we can close out..

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.