
May Have Had PWS-Type Malware Onboard


  • This topic is locked
20 replies to this topic

#1 Ex_Brit


Posted 03 February 2014 - 06:53 AM

Hi, my name is Peter. McAfee failed to catch something that came loaded with a hyperlink friends sent me.

I think I have cleared it running various tools (MBAM Free, AdwCleaner, Junkware Removal Tool, McAfee RootkitRemover etc. - only MBAM found anything - log attached) but want to make sure I'm clean.

I understand you guys are really busy so I do not expect a quick answer.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:48:25 AM, on 03/02/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)

FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
C:\Program Files (x86)\Stickies\stickies.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Users\Peter\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3319989130-4013550696-144202481-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [{91140000-0011-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-00BA-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-00A1-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0019-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [{91140000-0011-0000-1000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
O4 - Global Startup: iReboot 1.1.1.lnk = C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
O4 - Global Startup: Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Condusiv Technologies - C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iReboot Background Service (iReboot) - Unknown owner - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16676 bytes
 


Edited by Ex_Brit, 04 February 2014 - 04:59 AM.

Peter
Toronto, Canada


#2 HelpBot


Posted 08 February 2014 - 06:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523027 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Ex_Brit


Posted 09 February 2014 - 09:32 AM

Thank you - I never received notification that a response had been posted. I just would like an opinion of whether or not you think my machine looks OK from the above log. DDS log follows and Attach log is attached.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.51.2
Run by Peter at 9:34:44 on 2014-02-09
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.2.1033.18.12278.7038 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\eFMer\TThrottle\TThrottle64.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files (x86)\Stickies\stickies.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_7.06_windows_x86_64
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\ProgramData\BOINC\projects\boincsimap.org_boincsimap\simap_5.12_windows_x86_64.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_7.06_windows_x86_64
C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_1.6_windows_intelx86
C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_1.6_windows_intelx86
C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_1.6_windows_intelx86
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_prod_64.exe.7.06
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_prod_64.exe.7.06
C:\ProgramData\BOINC\projects\www.malariacontrol.net\openMalariaB_6.68_windows_intelx86
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [IE New Window Maximizer] C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WeatherEye] C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [{91140000-0011-0000-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0044-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0015-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0016-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00BA-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00A1-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0019-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IREBOO~1.LNK - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.0.2
TCP: Interfaces\{844F1E32-7C7B-4E21-99B2-032526271FE4} : DHCPNameServer = 192.168.0.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe" /tray
x64-Run: [EFMER_TThrottle] C:\Program Files\eFMer\TThrottle\TThrottle64.exe
x64-Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
x64-Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DKDFM;Device Filter Manager Driver;C:\Windows\System32\drivers\DKDFM.sys [2013-6-25 40752]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;C:\Windows\System32\drivers\DKTLFSMF.sys [2013-6-25 106832]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-6-26 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-6-26 141920]
R1 cputemperature;cputemperature;C:\Windows\System32\drivers\cputemperature.sys [2013-6-25 30144]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-8-7 343696]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2013-12-18 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2013-12-18 126736]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/06/23 16:12:36];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2013-3-4 130320]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2008-10-13 8192]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-6-23 89864]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-6-23 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-6-23 294664]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-8-27 328928]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2009-9-15 17408]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-25 418376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-8-27 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-8-27 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-8-27 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-8-27 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-8-27 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-8-27 328928]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-8-7 311120]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-8-27 1025232]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-8-27 219272]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-8-7 782616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-8-27 184800]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-6-23 83704]
R2 SymAFR;SymAFR;C:\Windows\System32\drivers\SymAFR.sys [2013-6-25 18992]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-8-7 70112]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2013-6-25 52048]
R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2009-11-19 1562624]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-25 25928]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-8-7 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64.sys [2011-8-1 45416]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2013-12-18 154896]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-6 391680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-25 701512]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-1-15 197704]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-11-26 96112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2013-12-18 140560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-05 14:47:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 14:47:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-24 01:21:40    2531328    ----a-w-    C:\Windows\Mars Exploration Rovers.scr
2014-01-21 01:19:59    99384    ----a-w-    C:\Users\Peter\AppData\Roaming\inst.exe
2014-01-21 01:19:59    82816    ----a-w-    C:\Users\Peter\AppData\Roaming\pcouffin.sys
2014-01-14 18:28:56    86054176    ----a-w-    C:\Windows\System32\mrt.exe
2013-12-19 02:09:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-19 02:04:13    264616    ----a-w-    C:\Windows\SysWow64\javaws.exe
2013-12-19 02:04:09    175016    ----a-w-    C:\Windows\SysWow64\javaw.exe
2013-12-19 02:03:46    174504    ----a-w-    C:\Windows\SysWow64\java.exe
2013-12-18 22:19:54    252688    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2013-12-18 22:16:44    154896    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-12-18 22:16:44    140560    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-12-18 22:16:44    126736    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-12-18 22:13:30    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2013-12-18 11:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-05 21:51:38    70112    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2013-12-05 21:45:18    343696    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2013-12-05 21:44:56    184800    ----a-w-    C:\Windows\System32\mfevtps.exe
2013-12-05 21:41:04    782616    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2013-12-05 21:39:08    519576    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2013-12-05 21:37:34    311120    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2013-12-05 21:36:50    179792    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
2013-11-27 03:07:44    10856    ----a-w-    C:\Windows\System32\drivers\mfeclnrk.sys
2013-11-27 03:07:22    96112    ----a-w-    C:\Windows\System32\drivers\mfencrk.sys
2013-11-27 03:07:02    411944    ----a-w-    C:\Windows\System32\drivers\mfencbdc.sys
2013-11-26 14:46:14    138152    ----a-w-    C:\Windows\SysWow64\drivers\AnyDVD.sys
2013-11-26 14:46:14    138152    ----a-w-    C:\Windows\System32\drivers\AnyDVD.sys
2013-11-25 15:28:46    1086096    ----a-w-    C:\Windows\boinc.scr
2013-11-15 02:09:03    17847296    ----a-w-    C:\Windows\System32\mshtml.dll
2013-11-15 01:42:57    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-11-15 01:37:29    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-15 01:29:33    1347072    ----a-w-    C:\Windows\System32\urlmon.dll
2013-11-15 01:29:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-15 01:28:41    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-15 01:28:00    237056    ----a-w-    C:\Windows\System32\url.dll
2013-11-15 01:25:24    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-11-15 01:22:21    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-11-15 01:20:45    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-11-15 01:19:54    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-11-15 01:19:47    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-11-15 01:18:24    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-11-15 01:18:03    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-15 01:12:57    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-11-14 23:13:33    12344320    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-11-14 22:50:50    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:50:06    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-11-14 22:43:24    1105408    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-11-14 22:42:41    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:41:18    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-11-14 22:40:04    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-11-14 22:38:54    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:35    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-11-14 22:38:16    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:37:32    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-11-14 22:36:16    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-11-14 22:36:08    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-11-14 22:35:52    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-14 22:32:56    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-11-11 15:02:02    6674208    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59    2559776    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-11-11 15:01:59    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
.
============= FINISH:  9:35:11.54 ===============

Attached File: attach.zip (3.62KB)

 


Edited by Ex_Brit, 09 February 2014 - 09:38 AM.

Peter
Toronto, Canada

#4 Oh My!

Posted 09 February 2014 - 07:41 PM

Greetings Peter and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Ex_Brit

Posted 09 February 2014 - 07:54 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by Peter (administrator) on R2D2 on 09-02-2014 19:51:06
Running from C:\Users\Peter\Desktop
Windows Vista ™ Ultimate Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(EMC Corporation) C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(eFMer) C:\Program Files\eFMer\TThrottle\TThrottle64.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(jiiSoft) C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Pelmorex Media Inc.) C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NeoSmart Technologies) C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
() C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
() C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
() C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_7.06_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_faah_7.15_windows_x86_64
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_1.6_windows_intelx86
(GSF) C:\ProgramData\BOINC\projects\boincsimap.org_boincsimap\simap_5.12_windows_x86_64.exe
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_prod_64.exe.7.06
() C:\ProgramData\BOINC\projects\www.malariacontrol.net\openMalariaB_6.68_windows_intelx86
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [79360 2008-10-17] (Alienware Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [EFMER_TThrottle] - C:\Program Files\eFMer\TThrottle\TThrottle64.exe [3513264 2013-10-27] (eFMer)
HKLM\...\Run: [boinctray] - C:\Program Files\BOINC\boinctray.exe [73360 2013-11-25] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] - C:\Program Files\BOINC\boincmgr.exe [5878928 2013-11-25] (Space Sciences Laboratory)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [{91140000-0011-0000-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0044-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0015-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0016-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-00BA-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-00A1-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0019-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3319989130-4013550696-144202481-1000\...\Run: [IE New Window Maximizer] - C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe [356352 2005-02-08] (jiiSoft)
HKU\S-1-5-21-3319989130-4013550696-144202481-1000\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [251336 2009-09-07] (IncrediMail, Ltd.)
HKU\S-1-5-21-3319989130-4013550696-144202481-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3319989130-4013550696-144202481-1000\...\Run: [WeatherEye] - C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
HKU\S-1-5-21-3319989130-4013550696-144202481-1001\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default
FF NewTab: hxxp://www.google.ca
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Peter\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Peter\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\en-gb@flyingtophat.co.uk [2013-10-23]
FF Extension: LavaFox V2 - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\info@djzig.com [2014-01-13]
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2013-07-01]
FF Extension: WOT - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Wiktionary and Google Translate - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\googledictionary@toptip.ca.xpi [2013-08-08]
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\Magnifier@girishsharma.xpi [2013-07-03]
FF Extension: Google Translator for Firefox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\translator@zoli.bod.xpi [2013-09-06]
FF Extension: deskCut - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\2o1rkvf8.default\Extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-27]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Users\Peter\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Peter\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DjVu Plugin Viewer) - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Google Translate) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-08-04]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-04]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-04]
CHR Extension: (WOT) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-08-04]
CHR Extension: (James White) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2013-08-04]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-04]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-04]
CHR Extension: (SiteAdvisor) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-04]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-03-04] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-03-04] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-03-04] (CyberLink)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 iReboot; C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [17408 2009-09-15] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)
R2 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe [107800 2008-07-16] (EMC Corporation)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)
R1 cputemperature; C:\Windows\System32\Drivers\cputemperature.sys [30144 2012-07-15] (eFMer)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1562624 2013-06-21] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:/Windows/System32/drivers/mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2013-06-21] ()
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
R2 SymAFR; C:\Windows\System32\DRIVERS\SymAFR.sys [18992 2013-06-25] (Windows ® Codename Longhorn DDK provider)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-06-26] (Acronis)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-03-04] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\Peter\AppData\Local\Temp\mfe_rr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 19:51 - 2014-02-09 19:51 - 00029868 _____ () C:\Users\Peter\Desktop\FRST.txt
2014-02-09 19:51 - 2014-02-09 19:51 - 00000000 ___SH () C:\DkHyperbootSync
2014-02-09 19:50 - 2014-02-09 19:51 - 00000000 ____D () C:\FRST
2014-02-09 19:49 - 2014-02-09 19:49 - 02170880 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2014-02-05 09:28 - 2014-02-05 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 07:40 - 2014-02-05 07:40 - 00000648 _____ () C:\Windows\PFRO.log
2014-02-04 04:35 - 2014-02-04 04:35 - 00000013 _____ () C:\Users\Peter\Desktop\zzbladedtracking.txt
2014-02-03 18:18 - 2014-02-03 18:18 - 04285472 _____ (LG Software Innovations ) C:\Users\Peter\Downloads\1clickbluraycopysetup1.0.1.7.exe
2014-02-03 09:39 - 2014-02-03 09:39 - 00000094 _____ () C:\Users\Peter\Desktop\zzzDHLAI.url
2014-02-03 09:23 - 2014-02-03 09:23 - 00000112 _____ () C:\Users\Peter\Desktop\zzzBCmyThread.url
2014-01-31 10:27 - 2014-01-31 10:27 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-31 10:27 - 2014-01-31 10:27 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-01-31 10:27 - 2014-01-31 10:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-25 07:28 - 2014-01-25 07:28 - 10630080 _____ () C:\Users\Peter\Downloads\SetupAnyDVD7420.exe
2014-01-24 12:09 - 2014-01-24 12:38 - 00000145 _____ () C:\Users\Peter\Desktop\MSFN Forum.url
2014-01-23 20:22 - 2014-01-23 20:21 - 02531328 _____ () C:\Windows\Mars Exploration Rovers.scr
2014-01-23 20:21 - 2014-01-23 20:21 - 02531328 _____ () C:\Users\Peter\Downloads\mer_setup.exe
2014-01-22 20:59 - 2014-01-22 21:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-22 20:59 - 2014-01-22 21:00 - 00000000 ____D () C:\Program Files\iTunes
2014-01-22 20:59 - 2014-01-22 21:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-22 20:59 - 2014-01-22 20:59 - 00000000 ____D () C:\Program Files\iPod
2014-01-20 20:17 - 2014-01-20 20:17 - 32201624 _____ (VSO Software ) C:\Users\Peter\Downloads\vsoConvertXtoDVD5_setup.exe
2014-01-20 14:06 - 2014-01-20 14:06 - 00000000 ____D () C:\Users\Peter\AppData\Local\Nero
2014-01-20 14:05 - 2014-01-20 14:05 - 00000000 ____D () C:\Users\Peter\AppData\Local\Nero_AG
2014-01-20 13:31 - 2014-01-20 13:31 - 05269192 _____ (LG Software Innovations ) C:\Users\Peter\Downloads\1clickdvdcopysetupnt5.9.8.6.exe
2014-01-19 06:04 - 2014-01-19 06:04 - 12492864 _____ () C:\Users\Peter\Downloads\IncrediMail26395254Setup.exe
2014-01-19 05:57 - 2014-01-19 06:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2014-01-18 05:32 - 2014-01-18 05:32 - 10608376 _____ () C:\Users\Peter\Downloads\SetupAnyDVD7410.exe
2014-01-16 07:24 - 2014-01-16 07:24 - 00000147 _____ () C:\Users\Peter\Desktop\Incredimail Forums.url
2014-01-15 08:01 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-01-14 18:04 - 2014-01-14 18:04 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-14 18:04 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-14 18:04 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-14 18:04 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-14 18:04 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-13 18:04 - 2014-01-13 18:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\IBKPRO

==================== One Month Modified Files and Folders =======

2014-02-09 19:51 - 2014-02-09 19:51 - 00029868 _____ () C:\Users\Peter\Desktop\FRST.txt
2014-02-09 19:51 - 2014-02-09 19:51 - 00000000 ___SH () C:\DkHyperbootSync
2014-02-09 19:51 - 2014-02-09 19:50 - 00000000 ____D () C:\FRST
2014-02-09 19:49 - 2014-02-09 19:49 - 02170880 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2014-02-09 19:49 - 2013-06-25 06:38 - 00000000 ____D () C:\ProgramData\BOINC
2014-02-09 18:47 - 2006-11-02 10:21 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 18:47 - 2006-11-02 10:21 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 18:05 - 2013-11-29 07:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceecfa9dead0d0.job
2014-02-09 17:47 - 2013-06-21 14:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 17:07 - 2013-12-25 10:29 - 00000147 _____ () C:\Users\Peter\Desktop\zzzMcLast.url
2014-02-09 13:11 - 2013-09-10 09:24 - 01762771 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 09:59 - 2013-06-21 12:29 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B10E392-5710-4201-966B-5F1A9BFC6891}
2014-02-09 09:55 - 2013-08-12 11:01 - 00000009 _____ () C:\Users\Peter\Desktop\zzzzSC.txt
2014-02-09 07:05 - 2013-11-29 07:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ceecfa9c85e9a0.job
2014-02-08 19:38 - 2013-06-25 12:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-02-08 09:57 - 2013-09-14 05:19 - 00000000 ____D () C:\Users\Peter\.VirtualBox
2014-02-08 04:54 - 2006-11-02 07:46 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-08 04:48 - 2013-06-25 13:07 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\stickies
2014-02-08 04:48 - 2006-11-02 10:06 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-08 04:47 - 2006-11-02 10:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 21:17 - 2013-06-21 10:39 - 00002140 _____ () C:\Windows\bthservsdp.dat
2014-02-07 21:17 - 2006-11-02 10:40 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 21:50 - 2013-06-25 06:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 12:19 - 2013-07-02 13:33 - 00000000 ____D () C:\Users\Peter\AppData\Local\1Click Bluray Copy
2014-02-06 12:19 - 2013-06-25 06:28 - 00000000 ____D () C:\ProgramData\1click dvd copy
2014-02-06 11:24 - 2013-09-26 13:10 - 00000000 ____D () C:\Users\Peter\AppData\Local\1Click DVD Copy
2014-02-05 16:47 - 2013-06-21 14:54 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 09:47 - 2013-06-21 14:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 09:47 - 2013-06-21 14:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 09:35 - 2013-06-21 14:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe
2014-02-05 09:28 - 2014-02-05 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 07:41 - 2013-08-27 05:27 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-02-05 07:40 - 2014-02-05 07:40 - 00000648 _____ () C:\Windows\PFRO.log
2014-02-05 06:14 - 2006-11-02 10:06 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-04 04:35 - 2014-02-04 04:35 - 00000013 _____ () C:\Users\Peter\Desktop\zzbladedtracking.txt
2014-02-03 18:18 - 2014-02-03 18:18 - 04285472 _____ (LG Software Innovations ) C:\Users\Peter\Downloads\1clickbluraycopysetup1.0.1.7.exe
2014-02-03 09:39 - 2014-02-03 09:39 - 00000094 _____ () C:\Users\Peter\Desktop\zzzDHLAI.url
2014-02-03 09:23 - 2014-02-03 09:23 - 00000112 _____ () C:\Users\Peter\Desktop\zzzBCmyThread.url
2014-02-03 06:47 - 2013-06-21 10:51 - 00000000 ____D () C:\Users\Peter\AppData\Local\VirtualStore
2014-01-31 10:30 - 2013-06-26 03:53 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2014-01-31 10:30 - 2013-06-21 14:31 - 00000000 ____D () C:\Windows\Panther
2014-01-31 10:27 - 2014-01-31 10:27 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-31 10:27 - 2014-01-31 10:27 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-01-31 10:27 - 2014-01-31 10:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-29 14:13 - 2013-06-21 10:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-29 14:05 - 2013-11-21 06:34 - 00000000 ____D () C:\AdwCleaner
2014-01-27 20:37 - 2006-11-02 10:21 - 00381024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-27 17:03 - 2013-07-01 14:49 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\webex
2014-01-26 10:11 - 2013-06-21 10:51 - 00101648 _____ () C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-25 07:28 - 2014-01-25 07:28 - 10630080 _____ () C:\Users\Peter\Downloads\SetupAnyDVD7420.exe
2014-01-24 12:38 - 2014-01-24 12:09 - 00000145 _____ () C:\Users\Peter\Desktop\MSFN Forum.url
2014-01-23 20:21 - 2014-01-23 20:22 - 02531328 _____ () C:\Windows\Mars Exploration Rovers.scr
2014-01-23 20:21 - 2014-01-23 20:21 - 02531328 _____ () C:\Users\Peter\Downloads\mer_setup.exe
2014-01-22 21:18 - 2013-09-14 18:55 - 00000000 ____D () C:\Users\Peter\AppData\Local\C8077D5A-9DB2-446F-BB5C-645C8C12E68C.aplzod
2014-01-22 21:18 - 2013-06-22 06:18 - 00000000 ____D () C:\Users\Peter\Documents\Outlook Files
2014-01-22 21:00 - 2014-01-22 20:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-22 21:00 - 2014-01-22 20:59 - 00000000 ____D () C:\Program Files\iTunes
2014-01-22 21:00 - 2014-01-22 20:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-22 20:59 - 2014-01-22 20:59 - 00000000 ____D () C:\Program Files\iPod
2014-01-22 20:54 - 2013-06-25 08:21 - 00000000 ____D () C:\ProgramData\Apple
2014-01-20 20:27 - 2013-06-22 06:18 - 00000542 _____ () C:\Users\Peter\Documents\ConvertXtoDVDLicense.txt
2014-01-20 20:19 - 2013-06-25 06:45 - 00099384 _____ () C:\Users\Peter\AppData\Roaming\inst.exe
2014-01-20 20:19 - 2013-06-25 06:45 - 00082816 _____ (VSO Software) C:\Users\Peter\AppData\Roaming\pcouffin.sys
2014-01-20 20:19 - 2013-06-25 06:45 - 00007859 _____ () C:\Users\Peter\AppData\Roaming\pcouffin.cat
2014-01-20 20:19 - 2013-06-25 06:45 - 00000055 _____ () C:\Users\Peter\AppData\Roaming\pcouffin.log
2014-01-20 20:19 - 2013-06-25 06:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Vso
2014-01-20 20:17 - 2014-01-20 20:17 - 32201624 _____ (VSO Software ) C:\Users\Peter\Downloads\vsoConvertXtoDVD5_setup.exe
2014-01-20 16:46 - 2013-06-22 06:17 - 00000000 ____D () C:\Users\Peter\Documents\ConvertXToDVD
2014-01-20 16:31 - 2013-09-26 10:12 - 00000000 ____D () C:\ProgramData\vsosdk
2014-01-20 14:06 - 2014-01-20 14:06 - 00000000 ____D () C:\Users\Peter\AppData\Local\Nero
2014-01-20 14:05 - 2014-01-20 14:05 - 00000000 ____D () C:\Users\Peter\AppData\Local\Nero_AG
2014-01-20 13:36 - 2013-11-29 11:37 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Nero
2014-01-20 13:33 - 2013-06-25 06:29 - 00000000 ____D () C:\Users\Public\Documents\LGSI
2014-01-20 13:31 - 2014-01-20 13:31 - 05269192 _____ (LG Software Innovations ) C:\Users\Peter\Downloads\1clickdvdcopysetupnt5.9.8.6.exe
2014-01-19 06:23 - 2014-01-19 05:57 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2014-01-19 06:04 - 2014-01-19 06:04 - 12492864 _____ () C:\Users\Peter\Downloads\IncrediMail26395254Setup.exe
2014-01-18 05:32 - 2014-01-18 05:32 - 10608376 _____ () C:\Users\Peter\Downloads\SetupAnyDVD7410.exe
2014-01-16 07:24 - 2014-01-16 07:24 - 00000147 _____ () C:\Users\Peter\Desktop\Incredimail Forums.url
2014-01-16 07:10 - 2013-08-27 05:21 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-01-14 19:08 - 2013-06-25 13:20 - 00002573 _____ () C:\Users\Peter\Desktop\Microsoft Word 2010.lnk
2014-01-14 18:04 - 2014-01-14 18:04 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-14 18:04 - 2013-10-17 06:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-14 18:04 - 2013-06-21 14:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-14 13:31 - 2013-07-10 12:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-14 13:28 - 2006-11-02 07:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-13 18:04 - 2014-01-13 18:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\IBKPRO

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 17:03

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 03
Ran by Peter at 2014-02-09 19:52:11
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

1Click Bluray Copy 1.0.1.7 (x32 Version:  - LG Software Innovations)
1Click DVD Copy 5.9.8.6 (x32 Version:  - LG Software Innovations)
3Planesoft Screensaver Manager 1.4 (x32 Version: 1.4 - 3Planesoft)
64 bit Windows Card Reader Driver (x32 Version: 1.1.0.0 - TEAC)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acoustica Effects Pack (x32 Version: 1.0 - Acoustica, Inc)
Acronis True Image WD Edition (x32 Version: 13.0.14184 - Acronis)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v3.00 (x32 Version: 3.00 - FinalWire Ltd.)
AnyDVD (x32 Version: 7.4.2.0 - SlySoft)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (x32 Version: 7.17.17 - ASUSTeK Computer Inc.)
Belarc Advisor 8.4 (x32 Version: 8.4.0.0 - Belarc Inc.)
Belkin USB-to-Serial Adapter (x32 Version: 1.00.001 - Belkin)
BOINC (Version: 7.2.33 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (x32 Version:  - )
Canon MX300 series (Version:  - )
Canon Utilities Easy-PhotoPrint EX (x32 Version:  - )
Canon Utilities My Printer (x32 Version:  - )
Canon Utilities Solution Menu (x32 Version:  - )
CCleaner (Version: 4.10 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (x32 Version: 28.12.1.16851 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKCU Version:  - Cisco WebEx LLC)
Command Center (Version: 1.0.30.0 - Alienware Corp.) Hidden
Command Center (x32 Version:  - )
Convert (x32 Version: 4.10 - Joshua F. Madison)
ConvertXtoDVD 4 english manual (x32 Version:  - VSO Software SARL)
CyberLink PowerDVD 12 (x32 Version: 12.0.2625.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2625.57 - CyberLink Corp.) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (x32 Version:  - Western Digital Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Desktop Magnify v1.5 (x32 Version: 1.5 - eyeClaxton Software)
Diskeeper 12 Professional (Version: 16.0.1017.64 - Condusiv Technologies)
Document Express DjVu Plug-in (x32 Version: 6.1.31831 - Caminova, Inc.)
doubleTwist (x32 Version: 3.2.2.17028 - doubleTwist Corporation)
EasyBCD 2.2 (x32 Version: 2.2 - NeoSmart Technologies)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (x32 Version: 0.9.9.1 - )
Highway Pursuit v1.1 (x32 Version:  - Adam Dawes)
Host OpenAL (ADI) (x32 Version:  - )
iCloud (Version: 2.1.3.25 - Apple Inc.)
IE New Window Maximizer 2.4 (x32 Version:  - jiiSoft, Jonatan Dahl)
ieSpell (x32 Version: 2.6.4 (build 573) - Red Egg Software)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
IncrediMail (x32 Version:  5.8.6.4332 - IncrediMail Ltd.)
IP Address Lookup v2.0.092606 (x32 Version:  - Softnik Technologies)
iReboot 1.1.1 (x32 Version: 1.1.1 - NeoSmart Technologies)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe System Software (x32 Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (x32 Version: 1.18.27.10 - LightScribe)
LogonStudio (x32 Version:  - )
LSI PCI-SV92PP Soft Modem (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mars Exploration Rovers Screen Saver (x32 Version:  - )
McAfee All Access – Total Protection (x32 Version: 12.8.908 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (x32 Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (x32 Version: 12.0.00400 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Platinum Effects 12 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Prerequisite Installer 2.0 (x32 Version: 12.0.01000 - Nero AG)
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Retro Film Themes (x32 Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton UAC Tool (Version:  - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.3.6 (Version: 4.3.6 - Oracle Corporation)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Retrospect Express HD 2.5 (x32 Version: 2.5.113 - EMC)
SereneScreen Marine Aquarium 3 (x32 Version: 3.2 - Prolific Publishing, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SoundMAX (x32 Version: 6.10.2.6585 - Analog Devices)
Spin It Again (x32 Version:  - Acoustica)
SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)
Stickies 7.1d (x32 Version:  - Zhorn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (x32 Version: 4.5.13.0 - Husdawg, LLC)
The Complete National Geographic (x32 Version: 1.66 - National Geographic)
The Complete National Geographic (x32 Version: 1.66 build 1251 - National Geographic Society) Hidden
The Complete National Geographic (x32 Version: 1.66.1251 - National Geographic Society) Hidden
TThrottle (32/64 Bit): Temperature Throttle by eFMer V 7.2.2 (Version: 7.2.2 - eFMer)
Ultimate Extras sounds from Microsoft® Tinker™ (Version:  - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
VoipStunt (x32 Version: 4.13 build 737 - Finarea S.A. Switzerland)
VSO ConvertXToDVD (x32 Version: 5.1.0.2 - VSO Software)
WeatherEye (HKCU Version:  - )
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Western Railway 3D Screensaver 2.0 (x32 Version: 2.0 - 3Planesoft)
WIDCOMM Bluetooth Software 6.0.1.4300 (Version: 6.0.1.4300 - Dell)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows Sound Schemes (Version:  - Microsoft Corporation)
WOT for Internet Explorer (Version: 12.8.2.0 - WOT Services Oy)

==================== Restore Points  =========================

05-02-2014 10:31:42 Good
07-02-2014 11:04:04 Windows Update
08-02-2014 10:48:22 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0625568F-1A10-4B49-9949-E2E465B67C0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {13C7C44D-FD01-4E42-98D7-0BD787244CE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {34DBFB40-624A-47C4-9AA9-01624506C623} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()
Task: {4C1DD9BA-694A-4A36-947E-A2BF7E10E01E} - System32\Tasks\GoogleUpdateTaskMachineCore1ceecfa9c85e9a0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {51450C60-9AAB-4154-9C2E-4E08761235DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {519E6ECF-AAF8-40CA-BE1E-E10E5E8D6EE8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {7F6855D2-BD7E-4984-99A2-EDFDEEEE6D4E} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {8FBA4F36-5CF8-4C82-AACD-F8F746D5AEDD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Peter => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {92467EE3-C762-4200-AF39-8E8707969256} - System32\Tasks\GoogleUpdateTaskMachineUA1ceecfa9dead0d0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {9A441CE9-6C4F-4991-954B-EDCB9256D04F} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AA105019-BFFB-4713-B627-81B47F4419F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {C0B38178-CA76-4475-90EB-B2F41221156B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {C41E9FD5-A5DB-4DEF-9715-E4F7BAFEE730} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {E07A095E-57EC-411D-9D82-63B578FD8B6F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {F0B2D802-7473-4BE1-BF7A-D6891F00FADF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ceecfa9c85e9a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceecfa9dead0d0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-10-31 13:47 - 2013-10-31 13:47 - 00021320 _____ () C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsPS64.dll
2012-10-19 13:18 - 2012-10-19 13:18 - 00079872 _____ () C:\Program Files\BOINC\zlib1.dll
2013-06-25 14:04 - 2013-06-25 14:04 - 01794048 _____ () C:\ProgramData\BOINC\projects\www.cosmologyathome.org\camb_2.16_windows_intelx86.exe
2013-06-25 14:04 - 2013-06-25 14:04 - 05355520 _____ () C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
2013-07-28 18:29 - 2013-07-28 18:29 - 00643584 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_7.06_windows_x86_64
2013-07-28 18:30 - 2013-07-28 18:30 - 01551360 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_faah_7.15_windows_x86_64
2013-06-25 14:06 - 2013-06-25 14:06 - 05989253 _____ () C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_1.6_windows_intelx86
2013-07-28 18:29 - 2013-07-28 18:29 - 01126400 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahv_vina_prod_64.exe.7.06
2014-02-06 11:21 - 2014-02-06 11:21 - 03465216 _____ () C:\ProgramData\BOINC\projects\www.malariacontrol.net\openMalariaB_6.68_windows_intelx86
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-22 07:04 - 2013-06-22 07:04 - 00058880 _____ () C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.23.0__bebb3c8816410241\AlienLabsTools.dll
2013-06-22 07:04 - 2013-06-22 07:04 - 00018944 _____ () C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.21.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2013-06-25 12:42 - 2013-06-25 12:42 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2009-09-07 16:29 - 2009-09-07 16:29 - 00073728 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2009-09-07 16:27 - 2009-09-07 16:27 - 00110592 _____ () C:\Program Files (x86)\IncrediMail\bin\ImComUtlU.dll
2009-09-07 16:27 - 2009-09-07 16:27 - 00172032 _____ () C:\Program Files (x86)\IncrediMail\bin\ImLookExU.dll
2008-10-14 11:13 - 2008-10-14 11:13 - 00146944 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-02-05 09:28 - 2014-02-05 09:28 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-05 09:35 - 2014-02-05 09:35 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Peter\Downloads\Acoustica Order Confirmation Order ST81654229.eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Documents\Introducing WinZip 12_0 - Now with JPEG Compression.eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Documents\WinZip 12_0 - Now with JPEG Compression.eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Documents\WinZip12 Registration Info.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 355C Bluetooth 2.0 + EDR module
Description: Dell Wireless 355C Bluetooth 2.0 + EDR module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2014 05:53:50 AM) (Source: Application Error) (User: )
Description: Faulting application ehRecvr.exe, version 6.0.6001.18000, time stamp 0x47919dfb, faulting module msvidctl.dll, version 6.5.6002.18005, time stamp 0x49e0418c, exception code 0xc0000005, fault offset 0x0000000000189f3d,
process id 0x17ac, application start time 0xehRecvr.exe0.

Error: (02/01/2014 11:28:34 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ALL ACCESS – TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/01/2014 11:28:34 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ALL ACCESS – TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/30/2014 05:31:47 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\PETER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2O1RKVF8.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/30/2014 05:31:46 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\PETER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2O1RKVF8.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (02/05/2014 05:24:53 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted during detection.

Error: (02/02/2014 05:53:58 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Center Receiver Service1100001Restart the service

Error: (02/01/2014 02:41:15 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (01/31/2014 06:21:29 AM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (01/30/2014 03:54:17 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (01/30/2014 00:51:37 PM) (Source: Print) (User: R2D2)
Description: The document Full page photo, owned by Peter, failed to print on printer Canon MX300 series Printer. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 655360. Number of bytes printed: 581228. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\R2D2. Win32 error code returned by the print processor: Full page photo0. Full page photo1

Error: (01/30/2014 00:48:03 PM) (Source: Print) (User: R2D2)
Description: The document file:///C:/Users/Peter/AppData/Local/IM/Runtime/Message/4B75E1, owned by Peter, failed to print on printer Canon MX300 series Printer. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 576572. Total number of pages in the document: 4. Number of pages printed: 0. Client computer: \\R2D2. Win32 error code returned by the print processor: file:///C:/Users/Peter/AppData/Local/IM/Runtime/Message/4B75E10. file:///C:/Users/Peter/AppData/Local/IM/Runtime/Message/4B75E11


Microsoft Office Sessions:
=========================
Error: (02/02/2014 05:53:50 AM) (Source: Application Error)(User: )
Description: ehRecvr.exe6.0.6001.1800047919dfbmsvidctl.dll6.5.6002.1800549e0418cc00000050000000000189f3d17ac01cf20050e1a8d9f

Error: (02/01/2014 11:28:34 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ALL ACCESS – TOTAL PROTECTION.LNK

Error: (02/01/2014 11:28:34 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ALL ACCESS – TOTAL PROTECTION.LNK

Error: (01/30/2014 05:31:47 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\PETER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2O1RKVF8.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (01/30/2014 05:31:46 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\PETER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2O1RKVF8.DEFAULT\SAFEBROWSING-BACKUP


CodeIntegrity Errors:
===================================
  Date: 2014-02-01 09:21:21.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:21.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:21:20.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 12278.18 MB
Available physical RAM: 6677.07 MB
Total Pagefile: 24481.38 MB
Available Pagefile: 18936.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Vista Ult SP2) (Fixed) (Total:232.88 GB) (Free:127.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS
Drive l: (Win 7 Ult SP1) (Fixed) (Total:232.88 GB) (Free:136.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: () (Fixed) (Total:232.88 GB) (Free:232.75 GB) NTFS
Drive n: (Win 8.1 Pro w/MC) (Fixed) (Total:249 GB) (Free:129.67 GB) NTFS
Drive o: () (Fixed) (Total:682.51 GB) (Free:681.41 GB) NTFS
Drive t: (LaCie) (Fixed) (Total:465.76 GB) (Free:215.16 GB) NTFS
Drive u: () (Fixed) (Total:465.75 GB) (Free:465.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0CD509A9)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D917BB37)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 2362ECED)
Partition 1: (Not Active) - (Size=249 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 932 GB) (Disk ID: 0D06F35F)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Peter
Toronto, Canada

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 09 February 2014 - 09:51 PM

Hi Peter,

Are you currently having any issues with Windows Mail?

Do you recognize these entries:

2014-02-03 09:39 - 2014-02-03 09:39 - 00000094 _____ () C:\Users\Peter\Desktop\zzzDHLAI.url
2014-02-03 09:23 - 2014-02-03 09:23 - 00000112 _____ () C:\Users\Peter\Desktop\zzzBCmyThread.url


Please run this to delete some entries. This is really an exercise in mopping up rather than addressing malware.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows Mail
  • Recognize entries
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Ex_Brit

Posted 10 February 2014 - 06:02 AM

Hi Gary,

I hope this is everything you asked.  I'm battling an extremely heavy head cold and am having trouble concentrating.

No I'm not having issues with Windows Mail, not that I ever use it.  It's merely there if I need it.

Those desktop entries were created by me and are shortcuts I need temporarily.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-02-2014 03
Ran by Peter at 2014-02-10 06:30:00 Run:1
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====


Edited by Ex_Brit, 10 February 2014 - 07:49 AM.

Peter
Toronto, Canada
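
A way to audit the Fixlog posted above, added here as an example and not part of the thread or of FRST: it pairs each fixlist directive with the result lines that mention its GUID or registry path, and flags any outcome other than the two strings seen in this log. The function names and the matching heuristic are assumptions; the sample text is the log from this post.

```python
import re

# Sample input: the Fixlog text as posted in this thread.
FIXLOG = r"""Content of fixlist:
*****************
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REGPATH = re.compile(r"HK(?:LM|CU|CR)\\[^\s:]+")
# Only the two outcome strings that appear in the posted log are recognised;
# anything else is marked "review" rather than guessed at.
OUTCOMES = {"Key deleted successfully.": "removed", "Key not found.": "absent"}


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives and (target, outcome) results."""
    directives, results, in_fixlist = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:   # a row of asterisks opens/closes the fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist and line:
            directives.append(line)
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target, OUTCOMES.get(outcome, "review")))
    return directives, results


def audit(text):
    """Return (directives with no matching result, targets needing manual review)."""
    directives, results = parse_fixlog(text)
    unaddressed = []
    for directive in directives:
        # Assumed heuristic: a result belongs to a directive if it names
        # the same GUID or the same registry path.
        keys = [k.lower() for k in GUID.findall(directive) + REGPATH.findall(directive)]
        if not any(k in target.lower() for k in keys for target, _ in results):
            unaddressed.append(directive)
    review = [target for target, outcome in results if outcome == "review"]
    return unaddressed, review


if __name__ == "__main__":
    print(audit(FIXLOG))
```
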

#8 Oh My!

Posted 10 February 2014 - 09:34 AM

Hi Peter,

Sorry to hear you are not feeling well. This really seems to be going around.

Thanks for the follow up on the items.

I believe your computer is free of malware, although oftentimes residuals are left behind. Please run the following to mop up any leftovers.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Any issues?

Gary

#9 Ex_Brit

Posted 10 February 2014 - 12:46 PM

It's going to be a long time before I post. It's only at 11% and it's been 3 hours. It's found something in my download folder, I suspect it may be a false finding, but we can go over that when I post the log.

I've also had to abandon a whole bunch of my Grid Computing (BOINC) projects as they were by now past deadline and that uses up too many resources to be allowed to run when a scanner is running.


Edited by Ex_Brit, 10 February 2014 - 02:45 PM.

Peter
Toronto, Canada

#10 Oh My!

Posted 10 February 2014 - 03:57 PM

Sorry Peter, ESET is typically a lengthy and thorough scan. If you need to wait to run it overnight or at a more convenient time by all means please do so.

Gary

#11 Ex_Brit

Posted 10 February 2014 - 04:13 PM

Don't apologise, it's not your fault that ESET takes forever to scan (takes an age just to open a compressed file for instance).  It's now at 36% after 6H 19M  - I expect it to finish by tomorrow morning.

The trouble is that it's scanning all my drive letters and I have 3 with complete OS's onboard, others are just storage or unused.

At least it gives me a good weapon to use the next time someone complains about a McAfee taking a long time because this one is way longer.   (I Mod there).

Thanks, I'll report back whenever I get a result.


Peter
Toronto, Canada

#12 Oh My!

Posted 10 February 2014 - 04:34 PM

Thanks Peter, I appreciate your understanding and patience.  :)  Typically ESET will speed up as it gets closer to the end.


Gary

#13 Ex_Brit

Posted 10 February 2014 - 04:41 PM

As long as it ends in my lifetime, I'm not too worried.  :lol:

Thanks.


Peter
Toronto, Canada

#14 Oh My!

Posted 10 February 2014 - 05:14 PM

I hope you are very young (thanks for the laugh).
Gary

#15 Ex_Brit

Posted 10 February 2014 - 06:14 PM

Well 72 and counting....  It's reached 56% so there is hope.... ;-)


Peter
Toronto, Canada



