
Ran ADWCleaner - HKCU\Software\FLEXnet remains



#1 lhamilton


Posted 12 January 2014 - 01:36 PM

Hi,

 

I'd posted a query at http://www.bleepingcomputer.com/forums/t/519955/ran-adwcleaner-hkcusoftwareflexnet-remains/ and it was suggested that I post again regarding the Flexnet files remaining. I made a mistake with my original scanning by leaving the Malwarebytes resident and then in I went and replied to my second posting which I shouldn't have done ( http://www.bleepingcomputer.com/forums/t/520055/ran-adwcleaner-hkcusoftwareflexnet-remains/ ) so here is a new post (I wanted to rerun rkill and malwarebytes again anyway since I was having another problem) -- At the moment I still only have the FLEXnet remaining but only ADWCleaner notices it.

 

Since my last query, Malwarebytes seemed to be having trouble with two issues and they appear to now be cleaned since I ran rkill and then Malwarebytes again, so I'll start with what I've seen since the first query -- This is what I saw on Malwarebytes -- I was getting a lot of popups from Malwarebytes but it didn't seem to be able to remove the problem -- I'm rather curious about what was going on --

 

 

2014/01/09 13:42:14 -0500    LINDA-PC    (null)    MESSAGE    Starting protection
2014/01/09 13:42:14 -0500    LINDA-PC    (null)    MESSAGE    Protection started successfully
2014/01/09 13:42:14 -0500    LINDA-PC    (null)    MESSAGE    Starting IP protection
2014/01/09 13:42:16 -0500    LINDA-PC    (null)    MESSAGE    IP Protection started successfully
2014/01/09 13:49:13 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49701, Process: rundll32.exe)
2014/01/09 13:49:37 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49734, Process: firefox.exe)
2014/01/09 13:55:16 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49979, Process: rundll32.exe)
2014/01/09 13:55:40 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49985, Process: firefox.exe)
2014/01/09 14:01:10 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 50020, Process: rundll32.exe)
2014/01/09 14:01:42 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 50024, Process: firefox.exe)
2014/01/09 20:50:21 -0500    LINDA-PC    (null)    MESSAGE    Starting protection
2014/01/09 20:50:22 -0500    LINDA-PC    (null)    MESSAGE    Protection started successfully
2014/01/09 20:50:22 -0500    LINDA-PC    (null)    MESSAGE    Starting IP protection
2014/01/09 20:50:25 -0500    LINDA-PC    Linda    MESSAGE    IP Protection started successfully
2014/01/09 20:57:21 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49639, Process: rundll32.exe)
2014/01/09 20:57:37 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49670, Process: firefox.exe)
2014/01/09 21:03:23 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49926, Process: rundll32.exe)
2014/01/09 21:03:40 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49931, Process: firefox.exe)
2014/01/09 21:05:59 -0500    LINDA-PC    Linda    MESSAGE    Executing scheduled update:  Daily
2014/01/09 21:06:13 -0500    LINDA-PC    Linda    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.01.08.07 to version v2014.01.10.01
2014/01/09 21:06:13 -0500    LINDA-PC    Linda    MESSAGE    Starting database refresh
2014/01/09 21:06:14 -0500    LINDA-PC    Linda    MESSAGE    Stopping IP protection
2014/01/09 21:06:15 -0500    LINDA-PC    Linda    MESSAGE    IP Protection stopped successfully
2014/01/09 21:06:19 -0500    LINDA-PC    Linda    MESSAGE    Database refreshed successfully
2014/01/09 21:06:19 -0500    LINDA-PC    Linda    MESSAGE    Starting IP protection
2014/01/09 21:06:22 -0500    LINDA-PC    Linda    MESSAGE    IP Protection started successfully
2014/01/09 21:09:24 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 50016, Process: rundll32.exe)
2014/01/09 21:09:40 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 50019, Process: firefox.exe)
2014/01/09 21:10:40 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:10:40 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:12:06 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:12:06 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:12:09 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:12:09 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:18:01 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:18:01 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:18:11 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:18:11 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:20:42 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:20:42 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:24:54 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:24:54 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:25:01 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:25:01 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:28:34 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:28:35 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:30:44 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:30:44 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:40:45 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:40:45 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 21:50:47 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 21:50:47 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:00:48 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:00:49 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:10:50 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:10:50 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:18:00 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:18:00 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:18:07 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:18:07 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:18:11 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:18:11 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:20:52 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:20:52 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:30:53 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:30:53 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:40:55 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:40:55 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 22:50:56 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 22:50:56 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:00:58 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:00:58 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:04:10 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:04:10 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:10:59 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:10:59 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:17:00 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:17:00 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:18:00 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:18:00 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:21:01 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:21:01 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:22:00 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:22:00 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:31:02 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:31:03 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:41:04 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:41:04 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:42:40 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:42:40 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:44:11 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:44:11 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:44:18 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/09 23:44:18 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/09 23:44:48 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE

 

 

So -- today I ran rkill

 

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2014 07:57:02 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/07/2014 07:59:11 PM
Execution time: 0 hours(s), 2 minute(s), and 9 seconds(s)
 

 

Then I ran JRT

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Linda on 12/01/2014 at 12:33:42.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2014 at 12:45:27.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

After a restart and rkill I then ran Malwarebytes. It appears to have removed whatever was disturbing it since I don't have warnings from it anymore while I'm running my computer -- Do you know what was going on? Do I need to run rkill before removing things with Malwarebytes?

 

 

2014/01/12 12:09:30 -0500    LINDA-PC    Linda    MESSAGE    Starting protection
2014/01/12 12:09:30 -0500    LINDA-PC    Linda    MESSAGE    Protection started successfully
2014/01/12 12:09:30 -0500    LINDA-PC    Linda    MESSAGE    Starting IP protection
2014/01/12 12:09:32 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:32 -0500    LINDA-PC    Linda    MESSAGE    IP Protection started successfully
2014/01/12 12:09:32 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:37 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:38 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:41 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:41 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:44 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:44 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:48 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:48 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:52 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:53 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:56 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:56 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:09:59 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:09:59 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:11:19 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:11:19 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:11:24 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:11:24 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:15:21 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:15:21 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:15:56 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:15:56 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:16:01 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:16:02 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:16:36 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 49813, Process: rundll32.exe)
2014/01/12 12:17:03 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:17:03 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:17:15 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:17:15 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:17:44 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:17:44 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:17:52 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:17:52 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:17:55 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:17:55 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:17:59 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:17:59 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:18:12 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:18:12 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:18:44 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:18:44 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:18:47 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:18:47 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:18:58 -0500    LINDA-PC    Linda    MESSAGE    Executing scheduled update:  Daily
2014/01/12 12:19:03 -0500    LINDA-PC    Linda    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.01.10.01 to version v2014.01.12.05
2014/01/12 12:19:03 -0500    LINDA-PC    Linda    MESSAGE    Starting database refresh
2014/01/12 12:19:04 -0500    LINDA-PC    Linda    MESSAGE    Stopping IP protection
2014/01/12 12:19:04 -0500    LINDA-PC    Linda    MESSAGE    IP Protection stopped successfully
2014/01/12 12:19:09 -0500    LINDA-PC    Linda    MESSAGE    Database refreshed successfully
2014/01/12 12:19:09 -0500    LINDA-PC    Linda    MESSAGE    Starting IP protection
2014/01/12 12:19:13 -0500    LINDA-PC    Linda    MESSAGE    IP Protection started successfully
2014/01/12 12:19:18 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:19:19 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:19:48 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:19:48 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:20:09 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:20:10 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:20:28 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:20:29 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:21:23 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:21:24 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:22:11 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:22:11 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:22:32 -0500    LINDA-PC    Linda    IP-BLOCK    162.210.192.21 (Type: outgoing, Port: 50231, Process: rundll32.exe)
2014/01/12 12:24:36 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:24:39 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:24:44 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:24:44 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:25:00 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:25:00 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:25:31 -0500    LINDA-PC    Linda    DETECTION    C:\ProgramData\Fast And Safe\FastAndSafe.dll    Spyware.Password    QUARANTINE
2014/01/12 12:25:31 -0500    LINDA-PC    Linda    ERROR    Quarantine failed:  DeleteFile failed with error code 5
2014/01/12 12:27:44 -0500    LINDA-PC    (null)    MESSAGE    Starting protection
2014/01/12 12:27:44 -0500    LINDA-PC    (null)    MESSAGE    Protection started successfully
2014/01/12 12:27:44 -0500    LINDA-PC    (null)    MESSAGE    Starting IP protection
2014/01/12 12:27:47 -0500    LINDA-PC    (null)    MESSAGE    IP Protection started successfully
2014/01/12 12:31:49 -0500    LINDA-PC    Linda    MESSAGE    Stopping protection
2014/01/12 12:31:49 -0500    LINDA-PC    Linda    MESSAGE    Protection stopped successfully
2014/01/12 12:31:49 -0500    LINDA-PC    Linda    MESSAGE    Stopping IP protection
2014/01/12 12:31:49 -0500    LINDA-PC    Linda    MESSAGE    IP Protection stopped successfully
2014/01/12 12:31:49 -0500    LINDA-PC    Linda    MESSAGE    Protection stopped
2014/01/12 12:48:32 -0500    LINDA-PC    Linda    MESSAGE    Starting protection
2014/01/12 12:48:32 -0500    LINDA-PC    Linda    MESSAGE    Protection started successfully
2014/01/12 12:48:32 -0500    LINDA-PC    Linda    MESSAGE    Starting IP protection
2014/01/12 12:48:35 -0500    LINDA-PC    Linda    MESSAGE    IP Protection started successfully
 

 

ADWcleaner still shows the flex files

 

 

# AdwCleaner v3.017 - Report created 12/01/2014 at 13:07:37
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-PC
# Running from : D:\lhamilto\install\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\FLEXnet
Key Found : [x64] HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\prefs.js ]


*************************

AdwCleaner[R0].txt - [8926 octets] - [07/01/2014 00:32:57]
AdwCleaner[R1].txt - [978 octets] - [07/01/2014 00:41:54]
AdwCleaner[R2].txt - [1097 octets] - [07/01/2014 00:45:07]
AdwCleaner[R3].txt - [1157 octets] - [07/01/2014 01:05:06]
AdwCleaner[R4].txt - [1277 octets] - [07/01/2014 19:46:59]
AdwCleaner[R5].txt - [1338 octets] - [07/01/2014 19:52:15]
AdwCleaner[R6].txt - [1458 octets] - [07/01/2014 19:55:49]
AdwCleaner[R7].txt - [1518 octets] - [07/01/2014 20:22:59]
AdwCleaner[R8].txt - [1195 octets] - [12/01/2014 13:07:37]
AdwCleaner[S0].txt - [7609 octets] - [07/01/2014 00:35:54]
AdwCleaner[S1].txt - [999 octets] - [07/01/2014 00:43:02]
AdwCleaner[S2].txt - [1180 octets] - [07/01/2014 01:06:12]
AdwCleaner[S3].txt - [1360 octets] - [07/01/2014 19:53:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1494 octets] ##########
 

 

And here is my DDS file

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Linda at 13:11:25 on 2014-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.12248.9568 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uSearch Bar = Preserve
uProxyServer = gateway.bns:8000
mWinlogon: Userinit = userinit.exe,
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Corel Reminder] "C:\Program Files (x86)\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files (x86)\Corel\Graphics10\Register\NavLoad.ini"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Linda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Psi.lnk - C:\Program Files\Psi\Psi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{10DA136E-9C5B-44B3-B321-8DB640244923} : DHCPNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{10DA136E-9C5B-44B3-B321-8DB640244923}\4756374786F6473707F647 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{7235CECB-B2E9-4ED0-B240-2C36FCC2BC35} : DHCPNameServer = 10.0.12.120 10.6.32.111
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-9 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-12 55856]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe [2012-6-12 113840]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 FanChkService;Fan Filter Checker Service;C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-1-20 45696]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-12 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-12 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-7 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-12 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-4-9 27760]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-6-12 17152]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-9 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-9 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-9 108656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-7 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-4-9 22800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-4-9 2193008]
S2 64af91bf;Fast And Safe;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-4-29 245760]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-12 17:23:19    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61A16F64-9795-4DA3-B4CF-4753E38DCB6A}\mpengine.dll
2014-01-10 16:16:14    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 01:02:55    --------    d-----w-    C:\Windows\ERUNT
2014-01-07 22:43:09    --------    d-----w-    C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-01-07 22:42:46    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-07 22:42:44    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-07 22:42:44    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 22:42:19    --------    d-----w-    C:\Users\Linda\AppData\Local\Programs
2014-01-07 05:32:46    --------    d-----w-    C:\AdwCleaner
2014-01-04 03:30:14    --------    d-----r-    C:\Users\Linda\Google Drive
2014-01-01 15:52:10    --------    d-----w-    C:\Users\Linda\AppData\Local\Macromedia
2014-01-01 15:51:16    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-01 15:51:16    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-01 03:22:05    --------    d-----w-    C:\Users\Linda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-12-31 03:44:36    --------    d-----w-    C:\ProgramData\pokllmladafmeffkbdobgjmdhccohanm
2013-12-31 03:44:33    --------    d-----w-    C:\Users\Linda\AppData\Local\Packages
2013-12-31 03:44:32    --------    d-----w-    C:\ProgramData\68b18d7e944da6c7
2013-12-31 03:24:14    --------    d-----w-    C:\ProgramData\Fast And Safe
.
==================== Find3M  ====================
.
2014-01-12 17:48:58    380    ----a-w-    C:\Users\Linda\AppData\Roaming\sp_data.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 13:12:01.02 ===============
 

 

I've attached the attach file from DDS

 

Two questions -- can I leave the flex files alone and what was going on with malwarebytes and the IP block it kept doing and the Fast and Easy file that it kept trying and trying to remove. It seems to have settled now but why did that seem to be a problem -- how did it get on my computer despite Malwarebytes and where from? And did I need to run rkill first and then malwarebytes to remove that problem?

 

Thanks



Edited by lhamilton, 12 January 2014 - 01:40 PM.



 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:06 AM

Posted 18 January 2014 - 04:51 PM

Hello lhamilton and welcome to Bleeping Computer! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========

 

Do I need to run rkill before removing things with malwarebytes?

Rkill is a program designed to stop known malware processes that could be interfering with the running of your normal antimalware programs. It is not always necessary to run Rkill unless your normal tools are obviously being stopped prematurely.
 
...And by looking at your Rkill log above, there were no malware services, processes, or issues running for Rkill to...well...kill! :wink:
 
==========
 
FlexNet is really nothing to worry about, and it wouldn't hurt to have AdwCleaner remove these two registry keys or to leave them alone. They are not necessary to have running when the system boots, but they are created from legitimate programs.
 
==========
 
It looks like MBAM was trying to block some activity...can't be sure exactly why, but there were multiple ports being blocked and they could be related to the open Proxy on your system.  Are you aware of the below open ProxyServer port that is shown in your DDS log?:
 
uProxyServer = gateway.bns:8000
 
If not, we will remove it. "Fast and Easy" is something we will also remove during the cleaning process.
 

how did it get on my computer despite Malwarebytes and where from?

Malwarebytes cannot block every piece of malware, nor can even the best antivirus program. There is no way to tell where you got malware from exactly, but for now, feel free to read this link on the subject: http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/

 

I'll provide you with some more information and prevention tips once I have given you the "all clean". :wink:
 
==========
 
Now, let's run a couple of programs to get a few more logs so we can see exactly what's going on:

Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You will need the 64-bit version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

==========

Step 2

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

In your next reply, please include the following:

  • The FRST.txt log
  • The Addition.txt log
  • The Combofix log (located at C:\Combofix.txt)
  • Let me know how the machine is running now!

bloopie
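
Added example (not part of the thread, and not code from DDS or any tool named in it): a small Python triage pass over a DDS log that pulls out the proxy setting quoted in the post above and the `S2 64af91bf;Fast And Safe` service line from the same log. It assumes that the `u`/`m` prefixes mean per-user and machine-wide values, that `R`/`S` plus a digit encode running/stopped and the service start type, and that a service whose image is a generic host binary such as rundll32.exe deserves review; the `GENERIC_HOSTS` list and all function names are illustrative.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Excerpt of the DDS log posted in this thread, embedded so the script runs offline.
SAMPLE_DDS = r"""
uStart Page = hxxp://google.ca/
uProxyServer = gateway.bns:8000
mWinlogon: Userinit = userinit.exe,
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-7 701512]
S2 64af91bf;Fast And Safe;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
"""


class Proxy(NamedTuple):
    scope: str            # "user" (u prefix) or "machine" (m prefix); assumed meaning
    protocol: str         # "all" when the value has no "proto=" prefix
    host: str
    port: Optional[int]


class Service(NamedTuple):
    running: bool         # R = running, S = stopped (assumed meaning)
    start_type: int       # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    name: str
    display: str
    image: str


PROXY_RE = re.compile(r"^([um])ProxyServer = (\S.*)$")
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$"
)

# Illustrative list: host binaries that run other code and are unusual as a
# service image on their own. Adjust to taste; this is not from the thread.
GENERIC_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                 "wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}


def parse_proxies(log: str) -> List[Proxy]:
    """Return every ProxyServer entry, handling 'host:port' and 'proto=host:port;...'."""
    found = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        scope = "user" if m.group(1) == "u" else "machine"
        for entry in m.group(2).split(";"):
            entry = entry.strip()
            if not entry:
                continue
            protocol, _, endpoint = entry.rpartition("=")
            host, sep, port = endpoint.rpartition(":")
            if not sep:                      # no port given
                host, port = endpoint, ""
            found.append(Proxy(scope, protocol or "all", host,
                               int(port) if port.isdigit() else None))
    return found


def parse_services(log: str) -> List[Service]:
    """Return the entries of the SERVICES / DRIVERS section."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image = m.groups()
            found.append(Service(state == "R", int(start), name, display, image))
    return found


def triage(log: str) -> List[str]:
    """List the items a helper would ask the owner about."""
    findings = []
    for p in parse_proxies(log):
        findings.append(f"proxy ({p.scope}, {p.protocol}): {p.host}:{p.port}")
    for s in parse_services(log):
        if ntpath.basename(s.image).lower() in GENERIC_HOSTS:
            findings.append(
                f"service {s.name!r} ({s.display}) uses generic host "
                f"{s.image}, start type {s.start_type}"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

A finding here is a prompt for a question to the machine's owner, as in the post above, not a verdict: a proxy may have been set deliberately, for example for a workplace network.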



#3 lhamilton

lhamilton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 18 January 2014 - 06:17 PM

A question before I install the new removing tool. It looks like the last time that I ran rkill and antimalwarebytes that it got the fast and easy problem cleared up plus the problem with the ip trying to reach me and the logs still look good etc. Could it be that that is cleared up? If so, how would I fix the problem with the open port that shouldn't be open? Thanks.

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:06 AM

Posted 18 January 2014 - 06:44 PM

Hello again,

 

It is possible that most of your issues are already cleared up, but we still need to make sure there are no leftovers and that your machine is clean...otherwise you risk becoming re-infected.

 

how would I fix the problem with the open port that shouldn't be open?

We will take care of all the issues during the cleaning process, and I will give you all the instructions to do so...starting with the instructions in my last post. :wink:

 

bloopie



#5 lhamilton

lhamilton
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 18 January 2014 - 09:05 PM

Hi,

 

I've followed the various steps.

 

1. Here's frst.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by Linda (administrator) on LINDA-PC on 18-01-2014 20:22:14
Running from D:\lhamilto\install
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files\Psi\Psi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CPMonitor] - C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-05-23] ()
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2012-06-12] (ASUS)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corel Reminder] - C:\Program Files (x86)\Corel\Graphics10\Register\NAVBrowser.exe [208896 2000-10-04] (Naviant, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\lhamilton\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
AppInit_DLLs: C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4275200 2013-12-30] ()
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk
ShortcutTarget: Psi.lnk -> C:\Program Files\Psi\Psi.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: gateway.bns:8000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x617D6AB3369ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.ca/
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Canadian English Dictionary - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\en-CA@dictionaries.addons.mozilla.org [2014-01-01]
FF Extension: United States English Spellchecker - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\en-US@dictionaries.addons.mozilla.org [2014-01-01]
FF Extension: Dictionnaires français - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2014-01-01]
FF Extension: WOT - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-07]
FF Extension: CSS Usage - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\csscoverage@spaghetticoder.org.xpi [2014-01-01]
FF Extension: Firebug - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\firebug@software.joehewitt.com.xpi [2014-01-01]
FF Extension: abcTajpu - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-01-01]
FF Extension: NoScript - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-01]
FF Extension: Web Developer - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-01-01]
FF Extension: Adblock Plus - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-01]

==================== Services (Whitelisted) =================

S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [177488 2013-12-30] ()
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] ()
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 20:22 - 2014-01-18 20:22 - 00000000 ____D C:\FRST
2014-01-17 13:43 - 2014-01-17 13:43 - 00079125 _____ C:\Users\Linda\Downloads\projectID4f907685690d3.zip
2014-01-15 12:46 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 12:46 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 12:46 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 12:46 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 12:46 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 12:46 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 12:46 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 12:46 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 12:46 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 12:32 - 2014-01-07 22:36 - 01037068 _____ (Thisisu) C:\Users\Linda\Desktop\JRT_NEW.exe
2014-01-09 13:51 - 2014-01-13 22:31 - 00012384 _____ C:\Users\Linda\Documents\PPV_DU.xlsx
2014-01-07 20:02 - 2014-01-07 20:02 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 17:43 - 2014-01-07 17:43 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-01-07 17:42 - 2014-01-07 17:42 - 00001107 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-07 17:42 - 2014-01-07 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 17:42 - 2014-01-07 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-07 17:36 - 2014-01-07 17:36 - 00000000 ____D C:\Users\Linda\Desktop\rkill
2014-01-07 00:32 - 2014-01-12 13:08 - 00000000 ____D C:\AdwCleaner
2014-01-03 22:30 - 2014-01-14 21:28 - 00000000 ___RD C:\Users\Linda\Google Drive
2014-01-03 22:30 - 2014-01-03 22:30 - 00001695 _____ C:\Users\Linda\Desktop\Google Drive.lnk
2014-01-03 22:24 - 2014-01-03 22:24 - 00819136 _____ (Google Inc.) C:\Users\Linda\Downloads\googledrivesync.exe
2014-01-01 22:46 - 2014-01-01 22:46 - 00001157 _____ C:\Users\Linda\Desktop\Firefox Profile Mgr.lnk
2014-01-01 10:52 - 2014-01-01 10:52 - 00000000 ____D C:\Users\Linda\AppData\Local\Macromedia
2014-01-01 10:51 - 2014-01-01 10:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-01 10:51 - 2014-01-01 10:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-01 10:51 - 2014-01-01 10:51 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-31 22:22 - 2013-12-31 22:22 - 00000000 ____D C:\Users\Linda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-12-30 22:44 - 2014-01-02 11:02 - 00000000 ____D C:\ProgramData\68b18d7e944da6c7
2013-12-30 22:44 - 2013-12-30 22:44 - 00000000 ____D C:\Users\Linda\AppData\Local\Packages
2013-12-30 22:44 - 2013-12-30 22:44 - 00000000 ____D C:\ProgramData\pokllmladafmeffkbdobgjmdhccohanm
2013-12-30 22:24 - 2014-01-12 12:27 - 00000000 ____D C:\ProgramData\Fast And Safe
2013-12-20 15:11 - 2013-12-20 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-18 20:22 - 2014-01-18 20:22 - 00000000 ____D C:\FRST
2014-01-18 20:20 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 20:20 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 20:18 - 2012-06-12 06:50 - 02028795 _____ C:\Windows\WindowsUpdate.log
2014-01-18 20:18 - 2012-02-18 02:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 20:14 - 2012-06-12 06:55 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-18 20:13 - 2013-04-05 07:08 - 00000380 _____ C:\Users\Linda\AppData\Roaming\sp_data.sys
2014-01-18 20:13 - 2012-06-12 06:52 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-18 20:13 - 2012-02-18 02:37 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 20:13 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 20:13 - 2009-07-13 23:51 - 00071494 _____ C:\Windows\setupact.log
2014-01-17 13:43 - 2014-01-17 13:43 - 00079125 _____ C:\Users\Linda\Downloads\projectID4f907685690d3.zip
2014-01-15 21:32 - 2009-07-13 23:45 - 04956840 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 15:29 - 2013-04-11 22:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 15:28 - 2013-08-13 23:49 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:26 - 2013-04-13 21:43 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 21:28 - 2014-01-03 22:30 - 00000000 ___RD C:\Users\Linda\Google Drive
2014-01-13 22:31 - 2014-01-09 13:51 - 00012384 _____ C:\Users\Linda\Documents\PPV_DU.xlsx
2014-01-12 13:08 - 2014-01-07 00:32 - 00000000 ____D C:\AdwCleaner
2014-01-12 12:27 - 2013-12-30 22:24 - 00000000 ____D C:\ProgramData\Fast And Safe
2014-01-09 14:56 - 2013-05-27 21:59 - 00001456 _____ C:\Users\Linda\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-08 21:57 - 2013-04-11 22:07 - 00000000 ____D C:\Users\Linda\AppData\Local\Microsoft Help
2014-01-07 22:36 - 2014-01-12 12:32 - 01037068 _____ (Thisisu) C:\Users\Linda\Desktop\JRT_NEW.exe
2014-01-07 20:02 - 2014-01-07 20:02 - 00000000 ____D C:\Windows\ERUNT
2014-01-07 19:45 - 2012-02-18 02:15 - 00018904 _____ C:\Windows\PFRO.log
2014-01-07 17:43 - 2014-01-07 17:43 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-01-07 17:42 - 2014-01-07 17:42 - 00001107 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-07 17:42 - 2014-01-07 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 17:42 - 2014-01-07 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 17:36 - 2014-01-07 17:36 - 00000000 ____D C:\Users\Linda\Desktop\rkill
2014-01-03 22:30 - 2014-01-03 22:30 - 00001695 _____ C:\Users\Linda\Desktop\Google Drive.lnk
2014-01-03 22:30 - 2013-04-05 07:06 - 00000000 ____D C:\Users\Linda
2014-01-03 22:27 - 2013-04-14 22:05 - 00000000 ____D C:\Users\Linda\AppData\Local\Google
2014-01-03 22:27 - 2012-02-18 02:37 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-03 22:24 - 2014-01-03 22:24 - 00819136 _____ (Google Inc.) C:\Users\Linda\Downloads\googledrivesync.exe
2014-01-02 11:02 - 2013-12-30 22:44 - 00000000 ____D C:\ProgramData\68b18d7e944da6c7
2014-01-02 02:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2014-01-01 22:46 - 2014-01-01 22:46 - 00001157 _____ C:\Users\Linda\Desktop\Firefox Profile Mgr.lnk
2014-01-01 10:52 - 2014-01-01 10:52 - 00000000 ____D C:\Users\Linda\AppData\Local\Macromedia
2014-01-01 10:51 - 2014-01-01 10:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-01 10:51 - 2014-01-01 10:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-01 10:51 - 2014-01-01 10:51 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-01 10:51 - 2013-04-08 21:33 - 00000000 ____D C:\Users\Linda\AppData\Local\Adobe
2013-12-31 22:22 - 2013-12-31 22:22 - 00000000 ____D C:\Users\Linda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-12-30 22:44 - 2013-12-30 22:44 - 00000000 ____D C:\Users\Linda\AppData\Local\Packages
2013-12-30 22:44 - 2013-12-30 22:44 - 00000000 ____D C:\ProgramData\pokllmladafmeffkbdobgjmdhccohanm
2013-12-29 22:18 - 2013-04-12 00:44 - 00000000 ____D C:\Users\Linda\AppData\Local\CutePDF Writer
2013-12-29 22:15 - 2013-05-13 21:11 - 00000000 ____D C:\Users\Linda\AppData\Local\CrashDumps
2013-12-23 17:17 - 2012-06-12 06:55 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-22 21:50 - 2013-04-11 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 15:12 - 2013-12-20 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\APNSetup.exe
C:\Users\Linda\AppData\Local\Temp\converter.exe
C:\Users\Linda\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Linda\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Linda\AppData\Local\Temp\nvStInst.exe
C:\Users\Linda\AppData\Local\Temp\ose00000.exe
C:\Users\Linda\AppData\Local\Temp\selfupdt.exe
C:\Users\Linda\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Linda\AppData\Local\Temp\_is6AB4.exe
C:\Users\Linda\AppData\Local\Temp\_is9740.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-02 02:06

==================== End Of Log ============================

and Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 03
Ran by Linda at 2014-01-18 20:24:25
Running from D:\lhamilto\install
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.85.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Amazing Slow Downer (remove only) (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (x32 Version: 1.0.24 - ASUS)
ASUS Fan Filter Checker (x32 Version: 1.0.0001 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.0.29 - ASUS)
ASUS Power4Gear Hybrid (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.0.9 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.25 - ASUS)
ASUS WebStorage (x32 Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G75 Series_ENG (x32 Version: 1.0.0001 - ASUS)
AsusVibe2.0 (x32 Version: 2.0.9.157 - ASUSTEK)
Atheros Bluetooth Suite (64) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (x32 Version: 9.2 - Atheros)
ATK Package (x32 Version: 1.0.0016 - ASUS)
Azardi (x32 Version:  - )
Band-in-a-Box 2007 Update (x32 Version:  - PG Music Inc.)
Beyond Compare version 3.0.6 (x32 Version:  - Scooter Software)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-7065DN (x32 Version: 1.0.0.0 - Brother Industries, Ltd.)
calibre (x32 Version: 0.9.26 - Kovid Goyal)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
ConvertLIT Graphical User Interface 2.0 (x32 Version: 2.0 - DukeLupus)
CorelDRAW 10 (x32 Version:  - )
CorelDRAW 10 (x32 Version: 10 - Corel) Hidden
CutePDF Writer 3.0 (Version:  3.0 - CutePDF.com)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Fast And Safe (x32 Version:  - PlanetCore)
Freecorder 2.3 (with Skype Call Recording) (x32 Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameFast (Version: 1.0.1.1 - ASUSTEK Computer Inc)
GNU Aspell 0.50-3 (x32 Version:  - GNU)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript 8.56 (x32 Version:  - )
GPL Ghostscript Fonts (x32 Version:  - )
HomeSite 4.0 (HKCU Version:  - )
InstantOn for NB (x32 Version: 2.2.0 - ASUS)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.0.3.1427 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
iTunes (Version: 11.1.2.32 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Monarch Pro 9.01 (x32 Version: 9.01 - Datawatch)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
MuseScore 1.3 (x32 Version: 1.3.0 - Werner Schweer and Others)
Musicnotes Software Suite 1.7.2 (x32 Version: 1.7.2 - Musicnotes Inc.)
Neuratron PhotoScore MIDI Lite (x32 Version: 5.5.1 - Neuratron Limited)
Noise Reduction Plug-in 2.0i (x32 Version: 2.0.455 - Sony)
Notepad++ (x32 Version: 6.5.2 - Notepad++ Team)
Nuance PaperPort 12 (x32 Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Driver 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OmniPage Pro 11.0 (x32 Version: 11.00.0002 - ScanSoft, Inc.)
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PG Music DirectX Plugins 1.3.4.1 (x32 Version:  - PG Music Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerTracks Pro Audio 10.0b (build 3) Update (x32 Version:  - PG Music Inc.)
Psi (remove only) (x32 Version:  - )
Python 2.6 pycrypto-2.0.1 (HKCU Version:  - )
Python 2.6.4 (x32 Version: 2.6.4150 - Python Software Foundation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Rotation Desktop for G Series (Version: 1.1.3.2 - ASUSTEK Computer Inc)
Roxio AACS Certificate (x32 Version: 1.0.0 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.8 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.8.58233.4 - Roxio)
Ruby 1.9.1-p243 (x32 Version: 1.9.1-p243 - RubyInstaller Team)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
Sound Forge Pro 10.0 (x32 Version: 10.0.368 - Sony)
Synaptics Pointing Device Driver (Version: 15.3.43.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VIA Platform Device Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (x32 Version: 2.41.0 - ASUS)
WinMerge 2.12.4 (x32 Version: 2.12.4 - Thingamahoochie Software)
WinZip (x32 Version:  9.0  (6028) - WinZip Computing, Inc.)
Wireless Console 3 (x32 Version: 3.0.27 - ASUS)
XnView 1.95.4 (x32 Version: 1.95.4 - Gougelet Pierre-e)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

02-01-2014 07:13:28 Language Pack Removal
03-01-2014 18:35:35 Windows Update
06-01-2014 01:41:49 Windows Backup
06-01-2014 03:32:19 Installed Editer 1.0
06-01-2014 03:40:40 Removed Editer 1.0
06-01-2014 18:56:14 Windows Update
07-01-2014 05:31:25 Installed Editer 1.0
10-01-2014 16:15:36 Windows Update
13-01-2014 02:24:43 Windows Backup
13-01-2014 18:48:46 Windows Update
15-01-2014 20:26:12 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C7BDFFC-3E0C-466D-B030-28718B770970} - System32\Tasks\AdobeAAMUpdater-1.0-Linda-PC-Linda => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {11D9458C-FB82-462F-93D6-3DA2242A616B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18] (Google Inc.)
Task: {2EF6CB77-2A5F-49BD-93A8-5390949D7620} - System32\Tasks\{D8472919-3BFF-4E1D-836C-A941DE636395} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12007
Task: {54F72862-E9A2-4F2F-A363-A9097B462BF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18] (Google Inc.)
Task: {613882B1-F216-4BB0-889C-C25166CA611C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {6BA2CD40-14AF-4786-A05F-D1F4613B52FB} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {7F8BE7B2-34D5-4436-A1E4-26DFB4C08082} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C4906E81-E11B-4788-B3A1-1A530F900EF1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D2F289DE-0224-4196-9D52-813F9C84EFB5} - System32\Tasks\Games\UpdateCheck_S-1-5-21-797563391-536820869-950362357-1002
Task: {EB307383-D5E3-42CB-B58F-3D55834CFF37} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F43DC0E1-3825-4E31-BC66-13B7A44BA734} - System32\Tasks\{C99613BE-BE69-4348-A4F6-404DA8772629} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12007
Task: {FADD6399-9DB7-43E8-8931-12AB06B533F0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-06-12 06:55 - 2012-03-30 07:01 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-06-12 06:55 - 2012-03-30 07:01 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 09196088 _____ () C:\Program Files\Psi\libaspell-15.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 01037824 _____ () C:\Program Files\Psi\libstdc++-6.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 00081920 _____ () C:\Program Files\Psi\libgcc_s_sjlj-1.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 00051200 _____ () C:\Program Files\Psi\libwinpthread-1.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 01126912 _____ () C:\Program Files\Psi\qca2.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 00095744 _____ () C:\Program Files\Psi\zlib1.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 00297472 _____ () C:\Program Files\Psi\crypto\qca-gnupg2.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 00344064 _____ () C:\Program Files\Psi\crypto\qca-ossl2.dll
2012-10-03 18:56 - 2012-10-03 18:56 - 00512512 _____ () C:\Program Files\Psi\gstprovider.dll
2012-08-20 03:35 - 2012-08-20 03:35 - 00231215 _____ () C:\Program Files\Psi\libffi-5.dll
2012-08-20 09:53 - 2012-08-20 09:53 - 01220973 _____ () C:\Program Files\Psi\libgstaudio-0.10-0.dll
2012-08-20 09:52 - 2012-08-20 09:52 - 00504990 _____ () C:\Program Files\Psi\libgstinterfaces-0.10-0.dll
2012-08-20 08:49 - 2012-08-20 08:49 - 04603292 _____ () C:\Program Files\Psi\libgstreamer-0.10-0.dll
2012-08-20 09:53 - 2012-08-20 09:53 - 00694995 _____ () C:\Program Files\Psi\libgstpbutils-0.10-0.dll
2012-08-20 08:50 - 2012-08-20 08:50 - 01849357 _____ () C:\Program Files\Psi\libgstbase-0.10-0.dll
2012-08-20 09:53 - 2012-08-20 09:53 - 00658319 _____ () C:\Program Files\Psi\libgstvideo-0.10-0.dll
2012-08-20 08:02 - 2012-08-20 08:02 - 02557514 _____ () C:\Program Files\Psi\liborc-0.4-0.dll
2012-08-20 07:44 - 2012-08-20 07:44 - 00444078 _____ () C:\Program Files\Psi\libspeexdsp-1.dll
2012-08-20 09:54 - 2012-08-20 09:54 - 00600234 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstaudioconvert.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00433341 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstaudioresample.dll
2012-08-20 08:02 - 2012-08-20 08:02 - 00211751 _____ () C:\Program Files\Psi\liborc-test-0.4-0.dll
2012-08-20 08:50 - 2012-08-20 08:50 - 01619062 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstcoreelements.dll
2012-08-20 08:51 - 2012-08-20 08:51 - 00151177 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstcoreindexers.dll
2012-08-20 09:54 - 2012-08-20 09:54 - 00312275 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstdecodebin.dll
2012-08-20 09:54 - 2012-08-20 09:54 - 01709844 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstffmpegcolorspace.dll
2012-08-20 11:05 - 2012-08-20 11:05 - 00540295 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstjpeg.dll
2012-08-20 11:03 - 2012-08-20 11:03 - 00205635 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstlevel.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 01011441 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstogg.dll
2012-08-20 09:53 - 2012-08-20 09:53 - 00285924 _____ () C:\Program Files\Psi\libgstriff-0.10-0.dll
2012-08-20 09:52 - 2012-08-20 09:52 - 01138401 _____ () C:\Program Files\Psi\libgsttag-0.10-0.dll
2012-08-20 07:11 - 2012-08-20 07:11 - 00175824 _____ () C:\Program Files\Psi\libogg-0.dll
2012-08-20 11:04 - 2012-08-20 11:04 - 02668438 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstrtp.dll
2012-08-20 09:53 - 2012-08-20 09:53 - 00573106 _____ () C:\Program Files\Psi\libgstrtp-0.10-0.dll
2012-08-20 11:04 - 2012-08-20 11:04 - 00815854 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstrtpmanager.dll
2012-08-20 09:53 - 2012-08-20 09:53 - 00136303 _____ () C:\Program Files\Psi\libgstnetbuffer-0.10-0.dll
2012-08-20 11:05 - 2012-08-20 11:05 - 00243571 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstspeex.dll
2012-08-20 07:44 - 2012-08-20 07:44 - 00559322 _____ () C:\Program Files\Psi\libspeex-1.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00459136 _____ () C:\Program Files\Psi\gstreamer-0.10\libgsttheora.dll
2012-08-20 07:27 - 2012-08-20 07:27 - 00235227 _____ () C:\Program Files\Psi\libtheoradec-1.dll
2012-08-20 07:27 - 2012-08-20 07:27 - 00418211 _____ () C:\Program Files\Psi\libtheoraenc-1.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00445509 _____ () C:\Program Files\Psi\gstreamer-0.10\libgsttypefindfunctions.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00223296 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstvideorate.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00629100 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstvideoscale.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00300756 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstvolume.dll
2012-08-20 08:50 - 2012-08-20 08:50 - 00907489 _____ () C:\Program Files\Psi\libgstcontroller-0.10-0.dll
2012-08-20 09:55 - 2012-08-20 09:55 - 00393620 _____ () C:\Program Files\Psi\gstreamer-0.10\libgstvorbis.dll
2012-08-20 07:18 - 2012-08-20 07:18 - 00367108 _____ () C:\Program Files\Psi\libvorbis-0.dll
2012-08-20 07:18 - 2012-08-20 07:18 - 01754056 _____ () C:\Program Files\Psi\libvorbisenc-2.dll
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 11:25 - 2012-01-31 11:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-06 21:32 - 2012-02-06 21:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 11:57 - 2010-08-20 11:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 11:57 - 2010-08-20 11:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-04-29 21:14 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-20 15:11 - 2013-12-20 15:11 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-06-12 06:54 - 2012-02-21 14:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/18/2014 08:15:25 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2014 08:15:25 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/17/2014 10:51:40 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/17/2014 10:51:40 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/17/2014 01:01:16 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/17/2014 01:01:16 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/16/2014 09:46:59 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/16/2014 09:46:59 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/16/2014 01:56:53 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/16/2014 01:56:53 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 12247.92 MB
Available physical RAM: 9614.92 MB
Total Pagefile: 24494.02 MB
Available Pagefile: 21671.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:673.31 GB) (Free:581.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SDATA1) (Fixed) (Total:698.63 GB) (Free:373.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 527CD163)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 699 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

2. Here's the log from ComboFix:

ComboFix 14-01-16.03 - Linda 18/01/2014  20:38:40.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.12248.10056 [GMT -5:00]
Running from: d:\lhamilto\install\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-19 to 2014-01-19  )))))))))))))))))))))))))))))))
.
.
2014-01-19 01:22 . 2014-01-19 01:22    --------    d-----w-    C:\FRST
2014-01-18 04:02 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A40DBAB-DDFD-4631-85CE-BF9D4EDA2FCD}\mpengine.dll
2014-01-17 02:57 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 17:46 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 17:46 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 17:46 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 17:46 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 17:46 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 17:46 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 17:46 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 17:46 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 17:46 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-08 01:02 . 2014-01-08 01:02    --------    d-----w-    c:\windows\ERUNT
2014-01-07 22:43 . 2014-01-07 22:43    --------    d-----w-    c:\users\Linda\AppData\Roaming\Malwarebytes
2014-01-07 22:42 . 2014-01-07 22:42    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-07 22:42 . 2014-01-07 22:42    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-07 22:42 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-07 22:42 . 2014-01-07 22:42    --------    d-----w-    c:\users\Linda\AppData\Local\Programs
2014-01-07 05:32 . 2014-01-12 18:08    --------    d-----w-    C:\AdwCleaner
2014-01-04 03:30 . 2014-01-15 02:28    --------    d-----r-    c:\users\Linda\Google Drive
2014-01-01 15:52 . 2014-01-01 15:52    --------    d-----w-    c:\users\Linda\AppData\Local\Macromedia
2014-01-01 15:51 . 2014-01-01 15:51    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-01 15:51 . 2014-01-01 15:51    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-01 15:51 . 2014-01-01 15:51    --------    d-----w-    c:\windows\system32\Macromed
2014-01-01 03:22 . 2014-01-01 03:22    --------    d-----w-    c:\users\Linda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-12-31 03:44 . 2013-12-31 03:44    --------    d-----w-    c:\programdata\pokllmladafmeffkbdobgjmdhccohanm
2013-12-31 03:44 . 2013-12-31 03:44    --------    d-----w-    c:\users\Linda\AppData\Local\Packages
2013-12-31 03:44 . 2014-01-02 16:02    --------    d-----w-    c:\programdata\68b18d7e944da6c7
2013-12-31 03:24 . 2014-01-12 17:27    --------    d-----w-    c:\programdata\Fast And Safe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 01:13 . 2013-04-05 12:08    380    ----a-w-    c:\users\Linda\AppData\Roaming\sp_data.sys
2014-01-15 20:26 . 2013-04-14 02:43    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-11 20:36    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 20:36    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 20:36    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 20:36    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 20:36    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 20:36    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 20:36    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 20:36    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 20:36    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 20:36    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 20:36    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 20:36    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 20:36    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 20:36    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 20:36    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 20:36    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 20:36    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 20:36    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 20:36    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 20:36    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 20:36    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 20:36    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 20:36    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 20:36    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 19:47    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 03:32 . 2013-11-22 03:32    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-22 03:32 . 2013-11-22 03:32    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-22 03:32 . 2013-11-22 03:32    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-22 03:32 . 2013-11-22 03:32    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-22 03:32 . 2013-11-22 03:32    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-22 03:32 . 2013-11-22 03:32    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-22 03:32 . 2013-11-22 03:32    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-22 03:32 . 2013-11-22 03:32    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-22 03:32 . 2013-11-22 03:32    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-22 03:32 . 2013-11-22 03:32    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-22 03:32 . 2013-11-22 03:32    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-22 03:32 . 2013-11-22 03:32    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-22 03:32 . 2013-11-22 03:32    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-22 03:32 . 2013-11-22 03:32    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-22 03:32 . 2013-11-22 03:32    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-22 03:32 . 2013-11-22 03:32    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-22 03:32 . 2013-11-22 03:32    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-22 03:32 . 2013-11-22 03:32    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-22 03:32 . 2013-11-22 03:32    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-22 03:32 . 2013-11-22 03:32    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-22 03:32 . 2013-11-22 03:32    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-22 03:32 . 2013-11-22 03:32    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-22 03:32 . 2013-11-22 03:32    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-22 03:32 . 2013-11-22 03:32    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-22 03:32 . 2013-11-22 03:32    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-22 03:32 . 2013-11-22 03:32    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-22 03:32 . 2013-11-22 03:32    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-22 03:32 . 2013-11-22 03:32    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-22 03:32 . 2013-11-22 03:32    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-22 03:32 . 2013-11-22 03:32    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-22 03:32 . 2013-11-22 03:32    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-22 03:32 . 2013-11-22 03:32    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-22 03:32 . 2013-11-22 03:32    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-22 03:32 . 2013-11-22 03:32    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-22 03:32 . 2013-11-22 03:32    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-22 03:32 . 2013-11-22 03:32    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-22 03:32 . 2013-11-22 03:32    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-22 03:32 . 2013-11-22 03:32    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-22 03:32 . 2013-11-22 03:32    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-22 03:32 . 2013-11-22 03:32    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-22 03:32 . 2013-11-22 03:32    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-22 03:32 . 2013-11-22 03:32    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-22 03:32 . 2013-11-22 03:32    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-22 03:32 . 2013-11-22 03:32    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-22 03:32 . 2013-11-22 03:32    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-22 03:32 . 2013-11-22 03:32    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-22 03:32 . 2013-11-22 03:32    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-22 03:32 . 2013-11-22 03:32    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-22 03:32 . 2013-11-22 03:32    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-22 03:32 . 2013-11-22 03:32    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-22 03:32 . 2013-11-22 03:32    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-22 03:32 . 2013-11-22 03:32    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-22 03:32 . 2013-11-22 03:32    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-22 03:32 . 2013-11-22 03:32    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-22 03:32 . 2013-11-22 03:32    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-22 03:32 . 2013-11-22 03:32    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-22 03:32 . 2013-11-22 03:32    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-22 03:32 . 2013-11-22 03:32    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-22 03:32 . 2013-11-22 03:32    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-19 10:21 . 2013-04-12 01:41    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 19:47    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 19:47    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:47    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-03-30 5138032]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-06-12 3058304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Corel Reminder"="c:\program files (x86)\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 208896]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Psi.lnk - c:\program files\Psi\Psi.exe [2012-10-3 9345536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2013-4-11 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 64af91bf;Fast And Safe;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 03:12    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2014-01-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-12-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-03-28 373248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = gateway.bns:8000
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} - c:\progra~3\FASTAN~1\FASTAN~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-18  20:51:08
ComboFix-quarantined-files.txt  2014-01-19 01:51
.
Pre-Run: 624,348,028,928 bytes free
Post-Run: 624,943,874,048 bytes free
.
- - End Of File - - 2CFEA7C094D37C278B202917C9715694
 

 

Combofix ran without a problem (I'd turned off my security software prior). Once it finished, I restarted my computer and have reactivated my security software. You'd asked if I have my Windows install CDs and I do. My computer seems (so far) to be running OK. With respect to proxies, etc., I run FTP periodically and Psi Jabber client but otherwise just do normal Internet browsing.

 

 

Thanks.


Edited by lhamilton, 18 January 2014 - 09:21 PM.


#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts

Posted 19 January 2014 - 12:29 PM

Hello again,

The help is my pleasure! Thanks for the logs and information. :)

Okay, there's not too much going on in your logs so we'll get right to it!

==========

Step 1

First order of business is to remove Fast And Safe from Add/Remove Programs.

 

Note: If you do not see Fast And Safe in your list, then just let me know and continue with the next steps.
 
==========

Step 2

Run a Combofix Script


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:
 

Driver::
64af91bf

File::
C:\ProgramData\Fast And Safe\FastAndSafe.dll
C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll

Folder::
C:\ProgramData\68b18d7e944da6c7
C:\Users\Linda\AppData\Local\Packages
C:\ProgramData\pokllmladafmeffkbdobgjmdhccohanm
C:\ProgramData\Fast And Safe

DDS::
uInternet Settings,ProxyServer = gateway.bns:8000

Firefox::
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\
FF - prefs.js: network.proxy.type - 0

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Step 3

Please update Malwarebytes (aka MBAM), run another quick scan (removing anything found), and post the resultant log for me.

==========

In your next reply, please include the following:

  • Let me know if you were able to remove Fast And Safe from the Add/Remove list
  • The latest C:\Combofix.txt
  • The latest MBAM log
  • How is the machine running now? Any changes to performance or other issues?

bloopie
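
The service entry that the Driver:: directive in the script above targets can be picked out of the ComboFix log mechanically, and the script can be checked against it before it is run. This Python code is an added example, not part of the post above and not ComboFix's own code; the service-line regular expression, the two heuristics (an rundll32.exe image and an 8-hex-character service key) and all function names are assumptions based on the log lines and script quoted in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Lines copied from the ComboFix log quoted earlier in this thread.
SAMPLE_LOG = r"""
R2 64af91bf;Fast And Safe;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"""

# Part of the CFScript posted above (Driver::, File:: and ClearJavaCache:: sections).
SAMPLE_SCRIPT = r"""
Driver::
64af91bf

File::
C:\ProgramData\Fast And Safe\FastAndSafe.dll
C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll

ClearJavaCache::
"""

# Assumed layout of a service line: "<R|S><digit> name;display;image;native image [x]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]+);"
    r"(?P<image>[^;]+);(?P<native>.+?) \[(?P<flag>.)\]$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# Generic DLL host: the log line then shows the host, not the code that runs.
HOST_BINARIES = {"rundll32.exe"}


class Service(NamedTuple):
    name: str
    display: str
    image: str


def parse_services(log: str) -> List[Service]:
    """Extract service/driver entries; any other log line is ignored."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["name"], m["display"], m["image"]))
    return services


def reasons(svc: Service) -> List[str]:
    """Return the heuristics a service entry trips (empty list if none)."""
    found = []
    basename = svc.image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if basename in HOST_BINARIES:
        found.append("image is a generic DLL host")
    if HEX_NAME_RE.match(svc.name):
        found.append("service key is 8 hex characters")
    return found


def parse_cfscript(script: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections and their entries."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def review(log: str, script: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (flagged services, flagged services the script's Driver:: misses)."""
    targeted = {n.lower() for n in parse_cfscript(script).get("Driver", [])}
    flagged = {s.name: reasons(s) for s in parse_services(log) if reasons(s)}
    uncovered = [name for name in flagged if name.lower() not in targeted]
    return flagged, uncovered


if __name__ == "__main__":
    flagged, uncovered = review(SAMPLE_LOG, SAMPLE_SCRIPT)
    for name, why in flagged.items():
        print(f"{name}: {'; '.join(why)}")
    print("not covered by Driver:: ->", uncovered or "none")
```
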



#7 lhamilton

lhamilton
  • Topic Starter

  • Members
  • 17 posts

Posted 19 January 2014 - 01:44 PM

Hi,

 

Here are the results:

 

1. I couldn't remove Fast and Easy because the system couldn't find the file. Here's the error message:

 

There was a problem starting
C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL

The specified module could not be found

 

2. I disabled protection and closed browser etc. Here's the log from Combofix:

 

ComboFix 14-01-16.03 - Linda 19/01/2014  13:01:41.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.12248.10010 [GMT -5:00]
Running from: d:\lhamilto\install\ComboFix.exe
Command switches used :: d:\lhamilto\install\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Fast And Safe\FastAndSafe.dll"
"c:\programdata\Fast And Safe\FastAndSafeSvc.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\68b18d7e944da6c7
c:\programdata\68b18d7e944da6c7\{51417852-174C-88D4-34A0-D0FE7858BE47}
c:\programdata\68b18d7e944da6c7\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}
c:\programdata\68b18d7e944da6c7\22c3997ee7059bcb3e5c00063ea7e9ec.ini
c:\programdata\68b18d7e944da6c7\91edd5c0e4a2c4a43e5c00063ea7e9ec.ini
c:\programdata\Fast And Safe
c:\programdata\Fast And Safe\FastAndSafe_x64.dll
c:\programdata\Fast And Safe\FastAndSafeSvc.dll
c:\programdata\pokllmladafmeffkbdobgjmdhccohanm
c:\programdata\pokllmladafmeffkbdobgjmdhccohanm\background.html
c:\programdata\pokllmladafmeffkbdobgjmdhccohanm\content.js
c:\programdata\pokllmladafmeffkbdobgjmdhccohanm\lsdb.js
c:\programdata\pokllmladafmeffkbdobgjmdhccohanm\manifest.json
c:\programdata\pokllmladafmeffkbdobgjmdhccohanm\onu358uVpEMV.js
c:\users\Linda\AppData\Local\Packages
c:\users\Linda\AppData\Local\Packages\windows_ie_ac_001\AC\{3C749A7C-484F-BD1A-D06C-4424CDEFDF43}\DiigiiCoupon.2.7.dat
c:\users\Linda\AppData\Local\Packages\windows_ie_ac_001\AC\{B3B8B857-2F29-5F19-0057-9832569A76F7}\JooniiCeoupionn.2.7.dat
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_64af91bf
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-19 to 2014-01-19  )))))))))))))))))))))))))))))))
.
.
2014-01-19 18:10 . 2014-01-19 18:10    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-01-19 18:10 . 2014-01-19 18:10    --------    d-----w-    c:\users\lhamilton\AppData\Local\temp
2014-01-19 18:10 . 2014-01-19 18:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-19 01:54 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD3F6831-F961-4BCD-9145-1C6A29B76351}\mpengine.dll
2014-01-19 01:22 . 2014-01-19 01:22    --------    d-----w-    C:\FRST
2014-01-17 02:57 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 17:46 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 17:46 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 17:46 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 17:46 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 17:46 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 17:46 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 17:46 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 17:46 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 17:46 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-08 01:02 . 2014-01-08 01:02    --------    d-----w-    c:\windows\ERUNT
2014-01-07 22:43 . 2014-01-07 22:43    --------    d-----w-    c:\users\Linda\AppData\Roaming\Malwarebytes
2014-01-07 22:42 . 2014-01-07 22:42    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-07 22:42 . 2014-01-07 22:42    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-07 22:42 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-07 22:42 . 2014-01-07 22:42    --------    d-----w-    c:\users\Linda\AppData\Local\Programs
2014-01-07 05:32 . 2014-01-12 18:08    --------    d-----w-    C:\AdwCleaner
2014-01-04 03:30 . 2014-01-15 02:28    --------    d-----r-    c:\users\Linda\Google Drive
2014-01-01 15:52 . 2014-01-01 15:52    --------    d-----w-    c:\users\Linda\AppData\Local\Macromedia
2014-01-01 15:51 . 2014-01-01 15:51    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-01 15:51 . 2014-01-01 15:51    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-01 15:51 . 2014-01-01 15:51    --------    d-----w-    c:\windows\system32\Macromed
2014-01-01 03:22 . 2014-01-01 03:22    --------    d-----w-    c:\users\Linda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 17:51 . 2013-04-05 12:08    380    ----a-w-    c:\users\Linda\AppData\Roaming\sp_data.sys
2014-01-15 20:26 . 2013-04-14 02:43    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-11 20:36    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 20:36    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 20:36    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 20:36    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 20:36    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 20:36    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 20:36    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 20:36    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 20:36    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 20:36    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 20:36    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 20:36    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 20:36    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 20:36    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 20:36    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 20:36    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 20:36    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 20:36    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 20:36    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 20:36    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 20:36    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 20:36    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 20:36    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 20:36    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 19:47    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 03:32 . 2013-11-22 03:32    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-22 03:32 . 2013-11-22 03:32    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-22 03:32 . 2013-11-22 03:32    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-22 03:32 . 2013-11-22 03:32    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-22 03:32 . 2013-11-22 03:32    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-22 03:32 . 2013-11-22 03:32    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-22 03:32 . 2013-11-22 03:32    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-22 03:32 . 2013-11-22 03:32    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-22 03:32 . 2013-11-22 03:32    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-22 03:32 . 2013-11-22 03:32    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-22 03:32 . 2013-11-22 03:32    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-22 03:32 . 2013-11-22 03:32    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-22 03:32 . 2013-11-22 03:32    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-22 03:32 . 2013-11-22 03:32    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-22 03:32 . 2013-11-22 03:32    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-22 03:32 . 2013-11-22 03:32    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-22 03:32 . 2013-11-22 03:32    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-22 03:32 . 2013-11-22 03:32    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-22 03:32 . 2013-11-22 03:32    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-22 03:32 . 2013-11-22 03:32    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-22 03:32 . 2013-11-22 03:32    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-22 03:32 . 2013-11-22 03:32    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-22 03:32 . 2013-11-22 03:32    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-22 03:32 . 2013-11-22 03:32    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-22 03:32 . 2013-11-22 03:32    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-22 03:32 . 2013-11-22 03:32    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-22 03:32 . 2013-11-22 03:32    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-22 03:32 . 2013-11-22 03:32    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-22 03:32 . 2013-11-22 03:32    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-22 03:32 . 2013-11-22 03:32    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-22 03:32 . 2013-11-22 03:32    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-22 03:32 . 2013-11-22 03:32    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-22 03:32 . 2013-11-22 03:32    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-22 03:32 . 2013-11-22 03:32    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-22 03:32 . 2013-11-22 03:32    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-22 03:32 . 2013-11-22 03:32    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-22 03:32 . 2013-11-22 03:32    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-22 03:32 . 2013-11-22 03:32    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-22 03:32 . 2013-11-22 03:32    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-22 03:32 . 2013-11-22 03:32    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-22 03:32 . 2013-11-22 03:32    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-22 03:32 . 2013-11-22 03:32    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-22 03:32 . 2013-11-22 03:32    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-22 03:32 . 2013-11-22 03:32    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-22 03:32 . 2013-11-22 03:32    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-22 03:32 . 2013-11-22 03:32    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-22 03:32 . 2013-11-22 03:32    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-22 03:32 . 2013-11-22 03:32    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-22 03:32 . 2013-11-22 03:32    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-22 03:32 . 2013-11-22 03:32    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-22 03:32 . 2013-11-22 03:32    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-22 03:32 . 2013-11-22 03:32    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-22 03:32 . 2013-11-22 03:32    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-22 03:32 . 2013-11-22 03:32    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-22 03:32 . 2013-11-22 03:32    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-22 03:32 . 2013-11-22 03:32    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-22 03:32 . 2013-11-22 03:32    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-22 03:32 . 2013-11-22 03:32    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-22 03:32 . 2013-11-22 03:32    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-19 10:21 . 2013-04-12 01:41    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 19:47    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 19:47    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:47    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-03-30 5138032]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-06-12 3058304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Corel Reminder"="c:\program files (x86)\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-04 208896]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Psi.lnk - c:\program files\Psi\Psi.exe [2012-10-3 9345536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2013-4-11 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
S2 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 03:12    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2014-01-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-12-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-03-28 373248]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\3zwcdwdb.default-1367292270194\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} - c:\progra~3\FASTAN~1\FASTAN~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-01-19  13:17:07 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-19 18:17
ComboFix2.txt  2014-01-19 01:51
.
Pre-Run: 625,009,270,784 bytes free
Post-Run: 624,688,328,704 bytes free
.
- - End Of File - - E58EF356D609A97D7887C90C1E2A8BF1
 

 

3. I updated and then ran Malwarebytes and ran a quick scan. Here's the log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Linda :: LINDA-PC [administrator]

Protection: Enabled

19/01/2014 1:29:43 PM
mbam-log-2014-01-19 (13-29-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261841
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I've re-enabled virus protection etc. and everything seems to be running OK.

Thanks.



#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 19 January 2014 - 02:54 PM

Hello again,
 
Very well done! :) From the Combofix log:
 

- - - - ORPHANS REMOVED - - - -
.
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} - c:\progra~3\FASTAN~1\FASTAN~1.DLL

Could you please verify that Fast And Safe is no longer visible in your Add/Remove Programs list?
 
As for the Proxy, we have also successfully removed the entry from your reports as well now! Very well done!
 
==========
 
Now let's run an online scan for leftovers:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note2: This scan may take some time due to the size of your drive and the speed of your internet connection!

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Now click on: EOLS4.gif

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

Anything that needs to be addressed in the above log, we will remove with a batch! :) Any other problems that you think I should know about, please let me know!

bloopie



#9 lhamilton

lhamilton
  • Topic Starter

  • Members
  • 17 posts

Posted 20 January 2014 - 10:04 AM

Hi,

 

Glad to hear that the proxy setting is OK now. I'm rather curious how I ended up with it set that way....

 

 

 

So -- I disabled my security settings and ran the long, long ESET scan with the settings you specified and here is the report:

 

 

C:\Qoobox\Quarantine\C\ProgramData\Fast And Safe\FastAndSafeSvc.dll.vir    a variant of Win32/SProtector.D application
C:\Users\Linda\Documents\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E application
C:\Users\Linda\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Windows\Installer\MSI5D50.tmp    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[1].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[2].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[3].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[4].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[5].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[6].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[7].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[1].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[2].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[3].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[4].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[5].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[6].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ARS3[7].7z    a variant of Win32/Bundled.Toolbar.Ask.F application
D:\lhamilto\install\MusicNotessuite.exe    Win32/OpenCandy application
D:\lhamilto\install\tools v6.0.4.exe    Win32/InstalleRex.I application
D:\lhamilto\install\picpick\picpick.exe    a variant of Win32/Bundled.Toolbar.Ask application
D:\LINDA-PC\Backup Set 2013-04-08 235155\Backup Files 2013-04-14 224757\Backup files 1.zip    multiple threats
D:\LINDA-PC\Backup Set 2013-04-08 235155\Backup Files 2013-04-28 234245\Backup files 1.zip    Win32/Adware.MultiPlug.H application
D:\LINDA-PC\Backup Set 2013-04-08 235155\Backup Files 2013-05-07 181607\Backup files 14.zip    Win32/Adware.MultiPlug.H application
D:\LINDA-PC\Backup Set 2013-07-28 221940\Backup Files 2013-07-28 221940\Backup files 1.zip    a variant of Win32/Bundled.Toolbar.Ask.E application
D:\LINDA-PC\Backup Set 2013-07-28 221940\Backup Files 2013-07-28 221940\Backup files 19.zip    a variant of Win32/Bundled.Toolbar.Ask.D application
D:\LINDA-PC\Backup Set 2013-09-16 225627\Backup Files 2013-09-16 225627\Backup files 1.zip    a variant of Win32/Bundled.Toolbar.Ask.E application
D:\LINDA-PC\Backup Set 2013-09-16 225627\Backup Files 2013-09-16 225627\Backup files 20.zip    a variant of Win32/Bundled.Toolbar.Ask.D application
D:\LINDA-PC\Backup Set 2014-01-05 204122\Backup Files 2014-01-05 204122\Backup files 1.zip    a variant of Win32/Bundled.Toolbar.Ask.E application
D:\LINDA-PC\Backup Set 2014-01-05 204122\Backup Files 2014-01-05 204122\Backup files 29.zip    a variant of Win32/Bundled.Toolbar.Ask.D application
 

 

As far as Fast and Safe, my Control Panel Program Removal can't find it. I can see the title in the list of programs but it can't find anything to remove:

 

 

There was a problem starting
C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL

The specified module could not be found

 

I've re-enabled my security settings.

 

Thanks.

 

Linda


Edited by lhamilton, 20 January 2014 - 10:07 AM.


#10 bloopie


Posted 20 January 2014 - 12:26 PM

Hello again,
 

Glad to hear that the proxy setting is OK now. I'm rather curious how I ended up with it set that way....

It could be any number of reasons, but the important thing is that it's taken care of now. :)

 

==========

Now, let's remove what was found in the ESET scan with a batch, and then we'll get you updated:

Step 1

  • Hold the "Windows" key and press "R" to open the runbox and type in notepad and click Ok.
  • Copy the text in the code box below then paste it into the blank Notepad and save it to your Desktop as DelFile.bat
@echo off
echo Deleting files... >result.txt
echo. >>result.txt
del /f /s /q "C:\Users\Linda\Documents\APNSetup.exe" >>result.txt 2>&1
del /f /s /q "C:\Users\Linda\Downloads\CuteWriter.exe" >>result.txt 2>&1
del /f /s /q "C:\Windows\Installer\MSI5D50.tmp" >>result.txt 2>&1
del /f /s /q "D:\lhamilto\install\MusicNotessuite.exe" >>result.txt 2>&1
del /f /s /q "D:\lhamilto\install\tools v6.0.4.exe" >>result.txt 2>&1
del /f /s /q "D:\lhamilto\install\picpick\picpick.exe" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-04-08 235155\Backup Files 2013-04-14 224757\Backup files 1.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-04-08 235155\Backup Files 2013-04-28 234245\Backup files 1.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-04-08 235155\Backup Files 2013-05-07 181607\Backup files 14.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-07-28 221940\Backup Files 2013-07-28 221940\Backup files 1.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-07-28 221940\Backup Files 2013-07-28 221940\Backup files 19.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-09-16 225627\Backup Files 2013-09-16 225627\Backup files 1.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2013-09-16 225627\Backup Files 2013-09-16 225627\Backup files 20.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2014-01-05 204122\Backup Files 2014-01-05 204122\Backup files 1.zip" >>result.txt 2>&1
del /f /s /q "D:\LINDA-PC\Backup Set 2014-01-05 204122\Backup Files 2014-01-05 204122\Backup files 29.zip" >>result.txt 2>&1
del /f /s /q "C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL" >>result.txt 2>&1
echo. >>result.txt
echo Finished >>result.txt
start notepad result.txt
  • The batch file should now look like this: batwin7.png (in Windows Vista/7) and this: batxp.png (in Windows XP)
  • Now double click on the DelFile.bat on your Desktop and the batch will quickly run
  • A file result.txt will open (a copy of the file will also be saved on your desktop).
  • Copy and paste the contents of the result.txt into your next reply, then reboot the machine. <--Important!

==========

Step 2
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

==========

Step 3

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CLEARALLRESTOREPOINTS]
    [CREATERESTOREPOINT]
    
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

==========

In your next reply, please include the following:

  • The result.txt
  • Let me know if you had any problems updating
  • The OTL report
  • Confirm the machine is still running okay!

bloopie



#11 lhamilton


Posted 20 January 2014 - 02:36 PM

Hi,

 

1. I ran the .bat file and here are the results:

 

 

Deleting files...
 
Deleted file - C:\Users\Linda\Documents\APNSetup.exe
Deleted file - C:\Users\Linda\Downloads\CuteWriter.exe
C:\Windows\Installer\MSI5D50.tmp
Access is denied.
Deleted file - D:\lhamilto\install\MusicNotessuite.exe
Deleted file - D:\lhamilto\install\tools v6.0.4.exe
 

 

2. I then updated my Adobe reader. It had been bugging me for the past few days to update but I didn't since I didn't want to change the system in the middle of things. It's updated now.

 

3. Here is the OTL log. It asked for a reboot and provided the log. No "OK" button showed up though.

 

Here's the log:

 

 

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: lhamilton
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195 bytes
 
User: Linda
->Temp folder emptied: 68153813 bytes
->Temporary Internet Files folder emptied: 291056462 bytes
->FireFox cache emptied: 258669178 bytes
->Flash cache emptied: 45491 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33734 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42305994 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 630.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: lhamilton
 
User: Linda
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: lhamilton
 
User: Linda
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01202014_141619

Files\Folders moved on Reboot...
C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

Things seem OK so far.

 

Linda
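Added example (not part of the thread): a short Python check that reconciles the targets in the DelFile.bat from post #10 with the result.txt pasted above, so each path ends up as deleted, failed with an error, or not reported at all. The batch text is an excerpt (the backup-set lines are left out) and the function names are this example's own.

```python
import re

# Excerpt of the DelFile.bat posted in the thread (backup-set targets omitted).
BATCH = r'''@echo off
del /f /s /q "C:\Users\Linda\Documents\APNSetup.exe" >>result.txt 2>&1
del /f /s /q "C:\Users\Linda\Downloads\CuteWriter.exe" >>result.txt 2>&1
del /f /s /q "C:\Windows\Installer\MSI5D50.tmp" >>result.txt 2>&1
del /f /s /q "D:\lhamilto\install\MusicNotessuite.exe" >>result.txt 2>&1
del /f /s /q "D:\lhamilto\install\tools v6.0.4.exe" >>result.txt 2>&1
del /f /s /q "D:\lhamilto\install\picpick\picpick.exe" >>result.txt 2>&1
del /f /s /q "C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL" >>result.txt 2>&1
'''

# result.txt as pasted in the reply that followed.
RESULT = r'''Deleting files...

Deleted file - C:\Users\Linda\Documents\APNSetup.exe
Deleted file - C:\Users\Linda\Downloads\CuteWriter.exe
C:\Windows\Installer\MSI5D50.tmp
Access is denied.
Deleted file - D:\lhamilto\install\MusicNotessuite.exe
Deleted file - D:\lhamilto\install\tools v6.0.4.exe
'''

DEL_LINE = re.compile(r'^\s*del\b[^"]*"([^"]+)"', re.IGNORECASE)
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def batch_targets(batch_text):
    """Return the quoted path of every del command, in file order."""
    return [m.group(1) for line in batch_text.splitlines()
            if (m := DEL_LINE.match(line))]


def parse_result(result_text):
    """Map lower-cased path -> outcome that del reported for it."""
    outcomes, pending = {}, None
    for raw in result_text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums add
        if line.startswith("Deleted file - "):
            outcomes[line[len("Deleted file - "):].lower()] = "deleted"
            pending = None
        elif line.startswith("Could Not Find "):  # del's message for a missing file
            outcomes[line[len("Could Not Find "):].lower()] = "not found"
            pending = None
        elif DRIVE_PATH.match(line):
            pending = line.lower()  # on failure del prints the path, then the error
        elif pending and line:
            outcomes[pending] = line.rstrip(".").lower()
            pending = None
    return outcomes


def reconcile(batch_text, result_text):
    """Pair every batch target with its outcome; Windows paths compare case-insensitively."""
    outcomes = parse_result(result_text)
    return [(t, outcomes.get(t.lower(), "no output"))
            for t in batch_targets(batch_text)]


if __name__ == "__main__":
    for path, status in reconcile(BATCH, RESULT):
        print(f"{status:18} {path}")
```

On the text pasted above, it reports MSI5D50.tmp as "access is denied" and lists picpick.exe and the Fast And Safe DLL as "no output", since the pasted result.txt has no line for them.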



#12 bloopie


Posted 20 January 2014 - 03:50 PM

Hello again Linda,
 
Okay, good work! Now, I'd like to check and see if you're getting any errors on startup like before, or is that resolved now as well?
 
Other than that, I have some good news for you:

Your machine appears to be clean! :thumbsup:

Let's do some housekeeping now:



The following steps will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.


Step 1

DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

Your Emulation drivers are now re-enabled.

==========

Step 2

Uninstall ComboFix:

  • Turn off all active protection software.
  • Hold the "Windows" key and press "R" to open the runbox, then copy/paste ComboFix /Uninstall into the box and click Ok.
  • Note the space between the X and the /Uninstall, it needs to be there.



==========

Step 3

Uninstall adwCleaner:

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

==========

Step 4

Download and Run TFC:

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run as Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
    Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

==========

Step 5

Now we will remove most of our tools from the cleaning process

Our work has left considerable leftovers on your machine, so let's clean those up real quick:

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.

==============================


Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine :thumbup2:


Useful information!
Below is some more information and useful tools and tips about how to keep your computer safe in the future.



The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and to avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

Please respond to this post so I can close the thread unless you have any other questions.


Best of regards, and happy surfing!! :wink:

bloopie



#13 lhamilton


Posted 20 January 2014 - 04:22 PM

Thanks! It's good to know my machine is finally clean! I actually never had startup errors, just popups from Malwarebytes alerts which stopped when I ran rkill before I scanned.

1. No DeFogger was installed.

2. ComboFix now uninstalled.

3. ADWCleaner uninstalled.

4. TFC ran (and didn't need a reboot). I've rebooted.

5. OTL Cleanup completed.

 

Thanks!

 

Linda



#14 bloopie


Posted 20 January 2014 - 04:36 PM

It was my pleasure Linda, glad I could help! :)

 

You followed all my instructions very well and were a pleasure to help!

 

Again well done, and stay safe! :thumbsup2:

 

bloopie



#15 bloopie


Posted 20 January 2014 - 04:37 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



