dllhost.exe surrogate processes running in excess


  • This topic is locked
40 replies to this topic

#1 e5569


Posted 07 March 2014 - 02:48 PM

I have read others with the same problems, so I will post my two text files from the FRST tool.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014 01
Ran by Ed (administrator) on MININT-QOLVUQG on 07-03-2014 14:43:46
Running from C:\Users\Ed\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Versant Corporation) C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\Ed\AppData\Roaming\Dropbox\WINA91B.exe
() C:\Users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
() C:\Users\Ed\AppData\Local\Temp\2BD6.tmp
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194432 2011-12-12] (DivX, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$cecadfe130eeaddb8e73be628d393988\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [YmPack] - regsvr32.exe C:\Users\Ed\AppData\Local\YmPack\wxpMouseTor.dll <===== ATTENTION
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [GameServer52E] - C:\Users\Ed\AppData\Roaming\Dropbox\WINA91B.exe [200192 2014-02-27] ()
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [GameServer531] - C:\Users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe [206336 2014-03-06] ()
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [mitxwqh] - regsvr32.exe "C:\ProgramData\mitxwqh.dat"
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [Windows Update Server] - C:\Users\Ed\ck6qhtnp57ya-12913.exe [307200 2014-03-07] ()
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\MountPoints2: {01dee419-cb34-11e1-8164-bc77378a128f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\MountPoints2: {0cc64636-d4d4-11e2-84fd-bc77378a128f} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\MountPoints2: {6433636f-6655-11e1-8a48-bc77378a128f} - G:\wubi.exe
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\MountPoints2: {cd366475-74eb-11e1-8a6b-bc77378a128f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Ed\AppData\Local\{cecadfe1-30ee-addb-8e73-be628d393988}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\Users\Ed\AppData\Local\Temp\sxipdxe\sqvqvef\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-18] (NVIDIA Corporation)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i2eljwf.lnk
ShortcutTarget: i2eljwf.lnk -> C:\PROGRA~3\fwjle2i.dss (No File)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {6E13D095-45C3-4271-9475-F3B48227DD9F} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LeicaGeosystems.Truview.BHOIEContextMenu - {bf06358f-9f26-4fd8-be6f-553ba6bf665b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\user.js
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Ed\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\searchplugins\search.xml
FF Extension: Yahoo! Toolbar - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-02]
FF Extension: Windows SideShow - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{E94DE9CE-3FF8-64C4-DC0F-D7FA54835A4C} [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-07]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1161072 2012-03-29] (Lavasoft Limited)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 CycloneLicenseServer; C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe [1077520 2012-12-05] ()
S2 cyclonepceservice.Service; C:\Program Files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe [111616 2012-12-05] (Leica Geosystems )
R2 Leica HDS Server; C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe [550912 2012-12-05] (Versant Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQL$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2804280 2011-05-17] (Sunbelt Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 ati2mtaa; %systemroot%\system32\dlcg_device.dll [X]
S4 BUFADPT; %systemroot%\system32\lightscribeservice.dll [X]
S4 ctxcpusched; %systemroot%\system32\dac2w2k.dll [X]
S4 eloggersvc6; %systemroot%\system32\USBDongle.dll [X]
S4 HSFHWICH; %systemroot%\system32\hpzius12.dll [X]
S4 incdfs; %systemroot%\system32\rdpcdd.dll [X]
S4 Intel_MIPMNMP; %systemroot%\system32\avhook.dll [X]
S4 ipcsvc; %systemroot%\system32\incdrm.dll [X]
S4 ivscheduler; %systemroot%\system32\ofcpfwsvc.dll [X]
S4 MaRdPnp; %systemroot%\system32\DgiVecp.dll [X]
S4 MQAC; %systemroot%\system32\dcomlaunch.dll [X]
S4 NWDNS; %systemroot%\system32\statusagent4.dll [X]
S4 ovt519; %systemroot%\system32\enxpsvc.dll [X]
S4 samfilt; %systemroot%\system32\orbpvr.dll [X]
S4 spupdsvc; %systemroot%\system32\btwdins.dll [X]
S4 TPwSav; %systemroot%\system32\http.dll [X]
S4 USBDongle; %systemroot%\system32\VAIOMediaPlatform-VideoServer-UPnP.dll [X]
S4 UWProSys; %systemroot%\system32\MpFilter.dll [X]
S4 vaiomediaplatform-videoserver-appserver; %systemroot%\system32\sgeclient.dll [X]
S4 vmkbd2; %systemroot%\system32\ctdvda2k.dll [X]
S4 vmodem; %systemroot%\system32\kbfiltr.dll [X]
S4 winpower; %systemroot%\system32\beatjamupnpmusicserver.dll [X]
S4 wpshelper; %systemroot%\system32\a016mdfl.dll [X]
S4 XDva004; %systemroot%\system32\lvhidsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-04] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\AE0B.tmp [6144 2011-05-12] (Sophos Plc)
S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2011-05-12] (Sophos Group)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Intel_MIPMNMP -> C:\Windows\system32\avhook.dll ==> No File.
NETSVC: spupdsvc -> C:\Windows\system32\btwdins.dll ==> No File.
NETSVC: vmodem -> C:\Windows\system32\kbfiltr.dll ==> No File.
NETSVC: USBDongle -> C:\Windows\system32\VAIOMediaPlatform-VideoServer-UPnP.dll ==> No File.
NETSVC: HSFHWICH -> C:\Windows\system32\hpzius12.dll ==> No File.
NETSVC: vmkbd2 -> C:\Windows\system32\ctdvda2k.dll ==> No File.
NETSVC: eloggersvc6 -> C:\Windows\system32\USBDongle.dll ==> No File.
NETSVC: XDva004 -> C:\Windows\system32\lvhidsvc.dll ==> No File.
NETSVC: winpower -> C:\Windows\system32\beatjamupnpmusicserver.dll ==> No File.
NETSVC: ivscheduler -> C:\Windows\system32\ofcpfwsvc.dll ==> No File.
NETSVC: BUFADPT -> C:\Windows\system32\lightscribeservice.dll ==> No File.
NETSVC: MaRdPnp -> C:\Windows\system32\DgiVecp.dll ==> No File.
NETSVC: vaiomediaplatform-videoserver-appserver -> C:\Windows\system32\sgeclient.dll ==> No File.
NETSVC: ati2mtaa -> C:\Windows\system32\dlcg_device.dll ==> No File.
NETSVC: NWDNS -> C:\Windows\system32\statusagent4.dll ==> No File.
NETSVC: UWProSys -> C:\Windows\system32\MpFilter.dll ==> No File.
NETSVC: wpshelper -> C:\Windows\system32\a016mdfl.dll ==> No File.
NETSVC: MQAC -> C:\Windows\system32\dcomlaunch.dll ==> No File.
NETSVC: ovt519 -> C:\Windows\system32\enxpsvc.dll ==> No File.
NETSVC: samfilt -> C:\Windows\system32\orbpvr.dll ==> No File.
NETSVC: ipcsvc -> C:\Windows\system32\incdrm.dll ==> No File.
NETSVC: ctxcpusched -> C:\Windows\system32\dac2w2k.dll ==> No File.
NETSVC: TPwSav -> C:\Windows\system32\http.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-03-07 14:43 - 2014-03-07 14:44 - 00031003 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 14:43 - 2014-03-07 14:43 - 00000000 ____D () C:\FRST
2014-03-07 14:42 - 2014-03-07 14:43 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 14:36 - 2014-03-07 14:36 - 00307200 ___SH () C:\Users\Ed\ck6qhtnp57ya-12913.exe
2014-03-07 14:36 - 2014-03-07 14:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 14:36 - 2014-03-07 14:36 - 00000288 _____ () C:\Users\Ed\AppData\Roaming\E547082.reg
2014-03-07 14:36 - 2014-03-07 12:18 - 01480704 _____ (David J. Binette) C:\Users\Ed\AppData\Roaming\ScanDisc.exe
2014-03-07 13:07 - 2014-03-07 11:36 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 12:19 - 2014-03-07 12:19 - 00242584 _____ (Microsoft Corporation) C:\ProgramData\mitxwqh.dat
2014-03-07 10:05 - 2014-03-07 10:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 10:03 - 2014-03-07 10:03 - 00000488 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 09:46 - 2014-03-07 09:46 - 00001176 _____ () C:\Windows\PFRO.log
2014-03-07 07:17 - 2014-03-07 10:05 - 00000168 _____ () C:\Windows\setupact.log
2014-03-07 07:17 - 2014-03-07 07:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 00:13 - 2014-03-07 10:05 - 571176639 _____ () C:\Windows\MEMORY.DMP
2014-03-07 00:13 - 2014-03-07 00:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-06 23:53 - 2014-03-06 23:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-06 22:29 - 2014-03-06 22:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 22:29 - 2014-03-06 22:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 19:50 - 2014-03-07 12:20 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-06 19:49 - 2014-03-06 19:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 18:57 - 2014-03-06 19:49 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-03-06 17:09 - 2014-03-06 17:09 - 00378368 _____ (Cloud Company) C:\Users\Ed\3027973.exe
2014-02-27 01:10 - 2014-02-27 22:02 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-24 16:03 - 2014-02-27 11:00 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 15:59 - 2014-02-24 15:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2

==================== One Month Modified Files and Folders =======

2014-03-07 14:44 - 2014-03-07 14:43 - 00031003 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 14:43 - 2014-03-07 14:43 - 00000000 ____D () C:\FRST
2014-03-07 14:43 - 2014-03-07 14:42 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 14:36 - 2014-03-07 14:36 - 00307200 ___SH () C:\Users\Ed\ck6qhtnp57ya-12913.exe
2014-03-07 14:36 - 2014-03-07 14:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 14:36 - 2014-03-07 14:36 - 00000288 _____ () C:\Users\Ed\AppData\Roaming\E547082.reg
2014-03-07 14:36 - 2011-10-29 08:10 - 00000000 ____D () C:\Users\Ed
2014-03-07 14:30 - 2012-03-15 12:54 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Skype
2014-03-07 13:10 - 2009-07-13 23:13 - 00871470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 12:20 - 2014-03-06 19:50 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-07 12:19 - 2014-03-07 12:19 - 00242584 _____ (Microsoft Corporation) C:\ProgramData\mitxwqh.dat
2014-03-07 12:18 - 2014-03-07 14:36 - 01480704 _____ (David J. Binette) C:\Users\Ed\AppData\Roaming\ScanDisc.exe
2014-03-07 11:36 - 2014-03-07 13:07 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 10:30 - 2013-12-07 10:29 - 00000000 ____D () C:\Users\Ed\Documents\Leica Geosystems
2014-03-07 10:23 - 2012-03-19 17:04 - 00000000 ___RD () C:\Users\Ed\Dropbox
2014-03-07 10:23 - 2012-03-19 17:02 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Dropbox
2014-03-07 10:12 - 2009-07-13 22:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 10:12 - 2009-07-13 22:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 10:05 - 2014-03-07 10:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 10:05 - 2014-03-07 07:17 - 00000168 _____ () C:\Windows\setupact.log
2014-03-07 10:05 - 2014-03-07 00:13 - 571176639 _____ () C:\Windows\MEMORY.DMP
2014-03-07 10:05 - 2012-05-03 18:09 - 00000000 ____D () C:\Windows\Minidump
2014-03-07 10:03 - 2014-03-07 10:03 - 00000488 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 09:46 - 2014-03-07 09:46 - 00001176 _____ () C:\Windows\PFRO.log
2014-03-07 07:17 - 2014-03-07 07:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 00:13 - 2014-03-07 00:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 00:09 - 2013-11-21 01:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 23:53 - 2014-03-06 23:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-06 23:38 - 2012-04-30 14:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-06 23:38 - 2012-03-04 18:16 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\DAEMON Tools Lite
2014-03-06 23:38 - 2011-11-14 07:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-06 23:38 - 2011-11-10 17:21 - 00000000 ____D () C:\Users\Ed\Tracing
2014-03-06 23:37 - 2011-07-21 08:56 - 00000000 ____D () C:\Windows\Panther
2014-03-06 22:29 - 2014-03-06 22:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 22:29 - 2014-03-06 22:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 22:29 - 2011-12-05 07:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-06 19:49 - 2014-03-06 19:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 19:49 - 2014-03-06 18:57 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-03-06 18:56 - 2012-06-25 14:07 - 00000000 ____D () C:\Users\Ed\Desktop\Spyware Tools
2014-03-06 17:11 - 2011-10-29 13:27 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Apple Computer
2014-03-06 17:09 - 2014-03-06 17:09 - 00378368 _____ (Cloud Company) C:\Users\Ed\3027973.exe
2014-02-28 11:31 - 2012-05-13 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 22:02 - 2014-02-27 01:10 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-27 13:25 - 2012-12-07 13:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-27 11:00 - 2014-02-24 16:03 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-26 21:59 - 2012-12-19 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-24 15:59 - 2014-02-24 15:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2
2014-02-24 15:08 - 2013-12-12 09:33 - 00000000 ____D () C:\Users\Ed\Desktop\cyclone databases

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3809163117-2575297278-2665058674-1002\$cecadfe130eeaddb8e73be628d393988

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$cecadfe130eeaddb8e73be628d393988

ZeroAccess:
C:\Users\Ed\AppData\Local\{cecadfe1-30ee-addb-8e73-be628d393988}

Files to move or delete:
====================
C:\ProgramData\gifnocsm.pad
C:\ProgramData\i2eljwf.bxx
C:\ProgramData\i2eljwf.fvv
C:\ProgramData\i2eljwf.reg
C:\ProgramData\mitxwqh.dat
C:\Users\Ed\3027973.exe
C:\Users\Ed\ck6qhtnp57ya-12913.exe


Some content of TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\ahiim.exe
C:\Users\Ed\AppData\Local\Temp\fflfawkd.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2012-11-07 07:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2014 01
Ran by Ed at 2014-03-07 14:44:15
Running from C:\Users\Ed\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Ad-Aware Antivirus (HKLM-x32\...\{cc937cbc-4be2-4227-9660-ff2f2a1d9467}) (Version: 10.0.185.3207 - Lavasoft Limited)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
CAMEO Version 2.2 (HKLM-x32\...\CAMEO_is1) (Version:  - NOAA,EPA)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Crash Zone 9 (HKLM-x32\...\InstallShield_{306F3C18-8109-4186-8C96-71E8758D194D}) (Version: 9.4.81 - The CAD Zone)
Crash Zone 9 (x32 Version: 9.4.81 - The CAD Zone) Hidden
Crime Zone 9 (HKLM-x32\...\InstallShield_{680280A7-CF0C-4449-B05B-CD7C4C14A13B}) (Version: 9.4.0 - The CAD Zone)
Crime Zone 9 (x32 Version: 9.4.0 - The CAD Zone) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A606DAFB-9991-4C9F-9348-E04B5237DEB9}) (Version:  - Microsoft)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Diagram Viewer 8 (HKLM-x32\...\InstallShield_{0B67F370-8772-49D6-95C2-435BDCD03DE7}) (Version: 8.5.0 - The CAD Zone, Inc.)
Diagram Viewer 8 (x32 Version: 8.5.0 - The CAD Zone, Inc.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Fire Zone 9 (HKLM-x32\...\InstallShield_{4519D428-3DFE-4FEB-A7B7-5FFFB7D24B4B}) (Version: 9.1.5 - The CAD Zone)
Fire Zone 9 (x32 Version: 9.1.5 - The CAD Zone) Hidden
First Look Pro 5 (HKLM-x32\...\InstallShield_{2925592A-74DC-49BD-B9DB-1741D3EA7C42}) (Version: 5.0.2.0 - The CAD Zone)
First Look Pro 5 (x32 Version: 5.0.2.0 - The CAD Zone) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 23.0.1271.64 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3230.2052 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
GoToMeeting 5.7.0.1172 (HKCU\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)
GPSBabel 1.4.2 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.208 - SurfRight B.V.)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Leica Cyclone 8.0 (HKLM-x32\...\{73A41B75-926C-43F5-B981-C633F6FB3C5C}) (Version: 8.0.0 - Leica Geosystems)
Leica pcE RunTime 2.1.0.7360 (HKLM-x32\...\InstallShield_{5A99D3FB-A210-7360-831A-49ED49A7BFC5}) (Version: 2.1.0.7360 - Leica Geosystems)
Leica pcE RunTime 2.1.0.7360 (Version: 2.1.0.7360 - Leica Geosystems) Hidden
Leica TruView 3.0 (HKLM-x32\...\{6DC0D03D-03E4-47EC-B2E0-737745088E42}) (Version: 3.0 - Leica Geosystems)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
MARPLOT Version 4.2.1 (HKLM-x32\...\MARPLOT_is1) (Version:  - NOAA,EPA)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 en-US)) (Version: 17.0.8 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 6.14.12.6721 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.9 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Anti-Rootkit 1.5.20 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.2 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.1 - BrightFort LLC)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
The CAD Zone (HKLM\...\The CAD Zone) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C06ABC7E-8923-4BB1-A7A2-197F5A3E0973}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

Task: {1DE3942E-0794-44E7-B1EF-DD538CB94A3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {27E9F956-9324-4524-A4CE-A7646F687472} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-03-29] (Lavasoft Limited)
Task: {4F94CE4F-865E-4E90-AC69-F64502E067B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {632CFEFA-64F0-4E23-917B-DA0931CFDFEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {AD74EF23-6D6C-40D0-B9E5-9B912BD4338A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FaxApplications.exe_{0A4C0E57-A458-4636-9606-4239C8E092A3}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Officejet Pro 8600.exe_{8F207044-753B-47AA-97D3-914C3E9DE707}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe
Task: C:\Windows\Tasks\HPCustPartic.exe_{1945D01E-2E63-4054-BF08-2837BB8E0392}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\Windows\Tasks\ScanToPCActivationApp.exe_{F025664E-43F1-4AC3-A75E-FDD37F8498E2}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
Task: C:\Windows\Tasks\Toolbox.exe_{E4B0BAFB-855A-491F-B456-DE6581787ABA}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\Toolbox.exe

==================== Loaded Modules (whitelisted) =============

2011-10-31 19:50 - 2010-12-10 09:24 - 00087040 _____ () C:\Windows\System32\custmon64.dll
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-12-07 10:28 - 2012-12-05 15:41 - 01077520 _____ () C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-10 21:53 - 2010-11-10 21:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2014-03-07 14:36 - 2014-03-07 14:36 - 00307200 __RSH () C:\Users\Ed\AppData\Local\Temp\ibamom16c8vol-12913.tmp
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-02-27 21:54 - 2014-02-27 21:54 - 00200192 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\WINA91B.exe
2014-03-06 17:11 - 2014-03-06 17:11 - 00206336 _____ () C:\Users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe
2014-03-07 12:18 - 2014-03-07 12:18 - 00110440 _____ () C:\Users\Ed\AppData\Local\Temp\2BD6.tmp
2011-09-27 05:23 - 2011-09-27 05:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 05:22 - 2011-09-27 05:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-21 00:31 - 2013-11-21 00:31 - 00018432 _____ () C:\Users\Ed\AppData\Local\YmPack\wxpMouseTor.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-07 14:36 - 2014-03-07 14:36 - 00160768 __RSH () C:\Users\Ed\AppData\Local\Temp\1nk7bct7m4uu7-12913.tmp
2012-12-19 10:41 - 2014-02-26 21:59 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25196108.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25196108.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Ad-Aware Service => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: ati2mtaa => 2
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: BUFADPT => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: ctxcpusched => 2
MSCONFIG\Services: cvhsvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eloggersvc6 => 2
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HSFHWICH => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: incdfs => 2
MSCONFIG\Services: Intel_MIPMNMP => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: ipcsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ivscheduler => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MaRdPnp => 2
MSCONFIG\Services: Microsoft SharePoint Workspace Audit Service => 3
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MQAC => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: MSSQL$SQLCADZONE2 => 2
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: NWDNS => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: ovt519 => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 2
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: samfilt => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SeaPort => 2
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: sftlist => 2
MSCONFIG\Services: sftvsa => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: spupdsvc => 2
MSCONFIG\Services: SQLBrowser => 2
MSCONFIG\Services: SQLWriter => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TPwSav => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: USBDongle => 2
MSCONFIG\Services: UWProSys => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: vaiomediaplatform-videoserver-appserver => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmkbd2 => 2
MSCONFIG\Services: vmodem => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: winpower => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wpshelper => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XDva004 => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^Users^Ed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2012 06:30:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 10:28:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 09:56:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 09:53:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 08:56:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 08:39:25 PM) (Source: Microsoft-Windows-RestartManager) (User: MININT-QOLVUQG)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (11/08/2012 08:38:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6
Faulting module name: QuickTime.qts, version: 7.71.80.42, time stamp: 0x4ea5d656
Exception code: 0xc0000005
Fault offset: 0x00145689
Faulting process id: 0x1664
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/08/2012 02:05:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/08/2012 02:00:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (11/08/2012 09:24:57 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (03/07/2014 10:18:58 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:18:48 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:18:32 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:17:26 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:05:56 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:05:52 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:05:52 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/07/2014 10:05:45 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (03/07/2014 10:05:43 AM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (03/07/2014 10:05:43 AM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (11/11/2012 06:30:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2012 10:28:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 09:56:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 09:53:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 08:56:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2012 08:39:25 PM) (Source: Microsoft-Windows-RestartManager)(User: MININT-QOLVUQG)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer0111757320

Error: (11/08/2012 08:38:29 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16450503723f6QuickTime.qts7.71.80.424ea5d656c000000500145689166401cdbdc415ca49daC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts8afa5279-2a16-11e2-8336-bc77378a128f

Error: (11/08/2012 02:05:50 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/08/2012 02:00:06 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (11/08/2012 09:24:57 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 8106.17 MB
Available physical RAM: 2989.31 MB
Total Pagefile: 30994.69 MB
Available Pagefile: 24069.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:684.96 GB) (Free:448.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.3 GB) NTFS
Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:1.19 GB) (Free:0 GB) UDF
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:3.81 GB) (Free:1.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: FFA0B6ED)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: D5F5B405)

Partition: GPT Partition Type.

==================== End Of Log ============================

Thank you!




#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:40 AM

Posted 07 March 2014 - 03:03 PM

Hello,

this doesn't look too good. There is lots of malware running on your computer!
Let's see what we can do:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 e5569

  • Topic Starter

  • Members
  • 31 posts
  • Local time:07:40 PM

Posted 07 March 2014 - 06:21 PM

ComboFix 14-03-05.01 - Ed 03/07/2014  16:38:10.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8106.6721 [GMT -6:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\gifnocsm.pad
c:\programdata\mitxwqh.dat
c:\programdata\Roaming
c:\users\Ed\3027973.exe
c:\users\Ed\AppData\Roaming\E547082.reg
c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\searchplugins\search.xml
c:\users\Ed\AppData\Roaming\ScanDisc.exe
c:\users\Ed\ck6qhtnp57ya-12913.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-07 to 2014-03-07  )))))))))))))))))))))))))))))))
.
.
2014-03-07 22:53 . 2014-03-07 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 22:43 . 2014-03-07 22:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC862478-F911-4D05-A6E7-1A0A01E6CA87}\offreg.dll
2014-03-07 20:43 . 2014-03-07 20:44 -------- d-----w- C:\FRST
2014-03-07 01:50 . 2014-03-07 23:25 -------- d-----w- c:\users\Ed\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-07 18:40 . 2012-04-24 11:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-07 18:40 . 2011-10-29 18:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf06358f-9f26-4fd8-be6f-553ba6bf665b}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"YmPack"="c:\users\Ed\AppData\Local\YmPack\wxpMouseTor.dll" [2013-11-21 18432]
"GameServer52E"="c:\users\Ed\AppData\Roaming\Dropbox\WINA91B.exe" [2014-02-28 200192]
"GameServer531"="c:\users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe" [2014-03-06 206336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
i2eljwf.lnk - c:\windows\System32\rundll32.exe c:\progra~3\fwjle2i.dss,FFZ0 [2009-7-13 45568]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
R2 CycloneLicenseServer;Cyclone License Server;c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe;c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe [x]
R2 cyclonepceservice.Service;cyclonepceservice.Service;c:\program files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe;c:\program files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe [x]
R2 Leica HDS Server;Leica HDS Server;c:\program files\Leica Geosystems\Cyclone\FastObjectsServer64.exe;c:\program files\Leica Geosystems\Cyclone\FastObjectsServer64.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AE0B.tmp;c:\windows\SYSNATIVE\AE0B.tmp [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/21 07:13;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 MSSQL$SQLCADZONE2;SQL Server (SQLCADZONE2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R4 SQLAgent$SQLCADZONE2;SQL Server Agent (SQLCADZONE2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:40]
.
2013-10-15 c:\windows\Tasks\FaxApplications.exe_{0A4C0E57-A458-4636-9606-4239C8E092A3}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17 09:34]
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 18:47]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 18:47]
.
2013-10-15 c:\windows\Tasks\HP Officejet Pro 8600.exe_{8F207044-753B-47AA-97D3-914C3E9DE707}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe [2012-10-17 09:40]
.
2013-10-15 c:\windows\Tasks\HPCustPartic.exe_{1945D01E-2E63-4054-BF08-2837BB8E0392}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:34]
.
2013-10-15 c:\windows\Tasks\ScanToPCActivationApp.exe_{F025664E-43F1-4AC3-A75E-FDD37F8498E2}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17 09:29]
.
2013-10-15 c:\windows\Tasks\Toolbox.exe_{E4B0BAFB-855A-491F-B456-DE6581787ABA}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\Toolbox.exe [2012-10-17 09:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Intel_MIPMNMP
spupdsvc
vmodem
USBDongle
HSFHWICH
vmkbd2
eloggersvc6
XDva004
winpower
ivscheduler
BUFADPT
MaRdPnp
vaiomediaplatform-videoserver-appserver
ati2mtaa
NWDNS
UWProSys
wpshelper
MQAC
ovt519
samfilt
ipcsvc
ctxcpusched
TPwSav
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-mitxwqh - c:\programdata\mitxwqh.dat
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-25196108.sys
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AE0B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8d,d3,f2,69,1c,ab,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-07  16:57:38
ComboFix-quarantined-files.txt  2014-03-07 22:57
.
Pre-Run: 496,839,376,896 bytes free
Post-Run: 497,507,442,688 bytes free
.
- - End Of File - - 3FDB44598E0E4EC9DD6F6A44B0633002
 

 

Thanks for taking the time!!!!



#4 e5569

e5569
  • Topic Starter


Posted 07 March 2014 - 08:44 PM

Definitely running better.  :)



#5 aharonov

aharonov

  • Malware Response Team

Posted 08 March 2014 - 02:46 PM

Yes it's looking better. But we're not done yet. :)


Step 1

Please download the attached file CFScript.txt and save it in the same directory as Combofix.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Drag and drop CFScript.txt into Combofix.exe as is illustrated in the following picture:
    CFScriptB-4.gif
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

 

 

 

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#6 e5569

e5569
  • Topic Starter


Posted 08 March 2014 - 09:53 PM

ok will do, thank you.  Still seeing some issues



#7 e5569

e5569
  • Topic Starter


Posted 08 March 2014 - 10:48 PM

had to run combo fix again due to the short becoming corrupt after moving it into a folder on my desktop.  Hope it doesn't screw things up. 

 

ComboFix 14-03-05.01 - Ed 03/08/2014  21:33:31.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8106.6730 [GMT -6:00]
Running from: c:\users\Ed\Downloads\ComboFix.exe
Command switches used :: c:\users\Ed\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe"
"c:\users\Ed\AppData\Roaming\Dropbox\WINA91B.exe"
"c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i2eljwf.lnk"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ed\AppData\Local\YmPack
c:\users\Ed\AppData\Local\YmPack\wxpMouseTor.dat
c:\users\Ed\AppData\Local\YmPack\wxpMouseTor.dll
c:\users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe
c:\users\Ed\AppData\Roaming\Dropbox\WINA91B.exe
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i2eljwf.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-09 to 2014-03-09  )))))))))))))))))))))))))))))))
.
.
2014-03-09 03:43 . 2014-03-09 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-08 00:07 . 2014-02-17 07:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7CC37F6-FADC-4631-AF43-7CE71EAA4976}\mpengine.dll
2014-03-07 20:43 . 2014-03-07 20:44 -------- d-----w- C:\FRST
2014-03-07 01:50 . 2014-03-09 02:55 -------- d-----w- c:\users\Ed\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-03 18:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-07 18:40 . 2012-04-24 11:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-07 18:40 . 2011-10-29 18:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf06358f-9f26-4fd8-be6f-553ba6bf665b}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 CycloneLicenseServer;Cyclone License Server;c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe;c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe [x]
R2 cyclonepceservice.Service;cyclonepceservice.Service;c:\program files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe;c:\program files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe [x]
R2 Leica HDS Server;Leica HDS Server;c:\program files\Leica Geosystems\Cyclone\FastObjectsServer64.exe;c:\program files\Leica Geosystems\Cyclone\FastObjectsServer64.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AE0B.tmp;c:\windows\SYSNATIVE\AE0B.tmp [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/21 07:13;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 MSSQL$SQLCADZONE2;SQL Server (SQLCADZONE2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R4 SQLAgent$SQLCADZONE2;SQL Server Agent (SQLCADZONE2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-08 04:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:40]
.
2013-10-15 c:\windows\Tasks\FaxApplications.exe_{0A4C0E57-A458-4636-9606-4239C8E092A3}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17 09:34]
.
2014-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 18:47]
.
2014-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 18:47]
.
2013-10-15 c:\windows\Tasks\HP Officejet Pro 8600.exe_{8F207044-753B-47AA-97D3-914C3E9DE707}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe [2012-10-17 09:40]
.
2013-10-15 c:\windows\Tasks\HPCustPartic.exe_{1945D01E-2E63-4054-BF08-2837BB8E0392}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:34]
.
2013-10-15 c:\windows\Tasks\ScanToPCActivationApp.exe_{F025664E-43F1-4AC3-A75E-FDD37F8498E2}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17 09:29]
.
2013-10-15 c:\windows\Tasks\Toolbox.exe_{E4B0BAFB-855A-491F-B456-DE6581787ABA}.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\Toolbox.exe [2012-10-17 09:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Wow6432Node-HKCU-Run-YmPack - c:\users\Ed\AppData\Local\YmPack\wxpMouseTor.dll
Wow6432Node-HKCU-Run-GameServer52E - c:\users\Ed\AppData\Roaming\Dropbox\WINA91B.exe
Wow6432Node-HKCU-Run-GameServer531 - c:\users\Ed\AppData\Roaming\Apple Computer\WIN4153.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AE0B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8d,d3,f2,69,1c,ab,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-08  21:45:08
ComboFix-quarantined-files.txt  2014-03-09 03:45
ComboFix2.txt  2014-03-09 03:23
ComboFix3.txt  2014-03-07 22:57
.
Pre-Run: 495,503,831,040 bytes free
Post-Run: 495,421,460,480 bytes free
.
- - End Of File - - 7FD93A3EEDE7CC0D99B916B4659F1AE3
 



#8 e5569


Posted 08 March 2014 - 10:55 PM

Having a problem downloading the FRST tool. Error saying my current security settings do not allow this file to be downloaded. I will have to do it from another computer. Will be back soon. Thank YOU!



#9 e5569


Posted 09 March 2014 - 06:41 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by Ed (administrator) on MININT-QOLVUQG on 09-03-2014 18:02:39
Running from C:\Users\Ed\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194432 2011-12-12] (DivX, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-02-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-19] (NVIDIA Corporation)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {6E13D095-45C3-4271-9475-F3B48227DD9F} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LeicaGeosystems.Truview.BHOIEContextMenu - {bf06358f-9f26-4fd8-be6f-553ba6bf665b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Ed\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-02]
FF Extension: Windows SideShow - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{E94DE9CE-3FF8-64C4-DC0F-D7FA54835A4C} [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-07]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1161072 2012-03-29] (Lavasoft Limited)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
S2 CycloneLicenseServer; C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe [1077520 2012-12-05] ()
S2 cyclonepceservice.Service; C:\Program Files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe [111616 2012-12-05] (Leica Geosystems )
S2 Leica HDS Server; C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe [550912 2012-12-05] (Versant Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQL$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2804280 2011-05-17] (Sunbelt Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 ati2mtaa; %systemroot%\system32\dlcg_device.dll [X]
S4 BUFADPT; %systemroot%\system32\lightscribeservice.dll [X]
S4 ctxcpusched; %systemroot%\system32\dac2w2k.dll [X]
S4 eloggersvc6; %systemroot%\system32\USBDongle.dll [X]
S4 HSFHWICH; %systemroot%\system32\hpzius12.dll [X]
S4 incdfs; %systemroot%\system32\rdpcdd.dll [X]
S4 Intel_MIPMNMP; %systemroot%\system32\avhook.dll [X]
S4 ipcsvc; %systemroot%\system32\incdrm.dll [X]
S4 ivscheduler; %systemroot%\system32\ofcpfwsvc.dll [X]
S4 MaRdPnp; %systemroot%\system32\DgiVecp.dll [X]
S4 MQAC; %systemroot%\system32\dcomlaunch.dll [X]
S4 NWDNS; %systemroot%\system32\statusagent4.dll [X]
S4 ovt519; %systemroot%\system32\enxpsvc.dll [X]
S4 samfilt; %systemroot%\system32\orbpvr.dll [X]
S4 spupdsvc; %systemroot%\system32\btwdins.dll [X]
S4 TPwSav; %systemroot%\system32\http.dll [X]
S4 USBDongle; %systemroot%\system32\VAIOMediaPlatform-VideoServer-UPnP.dll [X]
S4 UWProSys; %systemroot%\system32\MpFilter.dll [X]
S4 vaiomediaplatform-videoserver-appserver; %systemroot%\system32\sgeclient.dll [X]
S4 vmkbd2; %systemroot%\system32\ctdvda2k.dll [X]
S4 vmodem; %systemroot%\system32\kbfiltr.dll [X]
S4 winpower; %systemroot%\system32\beatjamupnpmusicserver.dll [X]
S4 wpshelper; %systemroot%\system32\a016mdfl.dll [X]
S4 XDva004; %systemroot%\system32\lvhidsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-04] (DT Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\AE0B.tmp [6144 2011-05-12] (Sophos Plc)
S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2011-05-12] (Sophos Group)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-09 18:02 - 2014-03-09 18:58 - 02157056 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2014-03-09 18:02 - 2014-03-09 18:02 - 00013542 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-03-08 22:45 - 2014-03-08 22:45 - 00028623 _____ () C:\ComboFix.txt
2014-03-08 22:07 - 2014-03-08 22:07 - 05187267 ____R (Swearware) C:\Users\Ed\Downloads\ComboFix.exe
2014-03-08 21:59 - 2014-03-08 21:59 - 00262144 _____ () C:\Windows\Minidump\030814-12760-01.dmp
2014-03-08 21:54 - 2014-03-08 21:54 - 00262144 _____ () C:\Windows\Minidump\030814-15366-01.dmp
2014-03-08 21:49 - 2014-03-08 21:49 - 00262144 _____ () C:\Windows\Minidump\030814-16208-01.dmp
2014-03-08 21:43 - 2014-03-08 21:45 - 00695168 _____ () C:\Windows\Minidump\030814-17472-01.dmp
2014-03-07 21:41 - 2014-03-07 21:41 - 00262144 _____ () C:\Windows\Minidump\030714-25178-01.dmp
2014-03-07 21:02 - 2014-03-07 21:02 - 00262144 _____ () C:\Windows\Minidump\030714-18985-01.dmp
2014-03-07 19:08 - 2014-03-07 19:08 - 00262144 _____ () C:\Windows\Minidump\030714-20966-01.dmp
2014-03-07 18:49 - 2014-03-07 18:49 - 00262144 _____ () C:\Windows\Minidump\030714-26894-01.dmp
2014-03-07 18:15 - 2014-03-07 18:15 - 00031945 _____ () C:\Users\Ed\Desktop\combofix.txt
2014-03-07 17:33 - 2014-03-07 17:33 - 00000000 ____D () C:\Users\Ed\Desktop\crime zone
2014-03-07 17:32 - 2014-03-07 17:32 - 00262144 _____ () C:\Windows\Minidump\030714-19983-01.dmp
2014-03-07 17:30 - 2014-03-08 22:45 - 00000000 ____D () C:\Qoobox
2014-03-07 17:30 - 2014-03-07 17:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 17:30 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-07 17:30 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-07 17:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-07 15:44 - 2014-03-07 15:44 - 00051301 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-03-07 15:43 - 2014-03-09 18:02 - 00000000 ____D () C:\FRST
2014-03-07 15:43 - 2014-03-07 15:44 - 00039693 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 15:42 - 2014-03-07 15:43 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 15:36 - 2014-03-07 15:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 14:07 - 2014-03-07 12:36 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 11:05 - 2014-03-07 11:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 11:03 - 2014-03-08 21:58 - 01956640 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 10:46 - 2014-03-07 18:18 - 00001716 _____ () C:\Windows\PFRO.log
2014-03-07 08:17 - 2014-03-08 21:54 - 00000672 _____ () C:\Windows\setupact.log
2014-03-07 08:17 - 2014-03-07 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 01:13 - 2014-03-08 21:59 - 673898723 _____ () C:\Windows\MEMORY.DMP
2014-03-07 01:13 - 2014-03-07 01:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 00:53 - 2014-03-07 00:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 20:50 - 2014-03-08 21:55 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-06 20:49 - 2014-03-06 20:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 19:57 - 2014-03-06 20:49 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-02-27 02:10 - 2014-02-27 23:02 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-24 17:03 - 2014-02-27 12:00 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 16:59 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2

==================== One Month Modified Files and Folders =======

2014-03-09 18:58 - 2014-03-09 18:02 - 02157056 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2014-03-09 18:02 - 2014-03-09 18:02 - 00013542 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-03-09 18:02 - 2014-03-07 15:43 - 00000000 ____D () C:\FRST
2014-03-09 14:35 - 2012-12-07 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-08 22:53 - 2013-05-05 20:21 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\vlc
2014-03-08 22:50 - 2009-07-14 00:13 - 00871470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 22:45 - 2014-03-08 22:45 - 00028623 _____ () C:\ComboFix.txt
2014-03-08 22:45 - 2014-03-07 17:30 - 00000000 ____D () C:\Qoobox
2014-03-08 22:43 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-08 22:42 - 2012-03-19 18:02 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Dropbox
2014-03-08 22:42 - 2011-10-29 14:27 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Apple Computer
2014-03-08 22:42 - 2011-10-29 09:11 - 00000000 ___RD () C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 22:31 - 2012-06-25 15:07 - 00000000 ____D () C:\Users\Ed\Desktop\Spyware Tools
2014-03-08 22:07 - 2014-03-08 22:07 - 05187267 ____R (Swearware) C:\Users\Ed\Downloads\ComboFix.exe
2014-03-08 21:59 - 2014-03-08 21:59 - 00262144 _____ () C:\Windows\Minidump\030814-12760-01.dmp
2014-03-08 21:59 - 2014-03-07 01:13 - 673898723 _____ () C:\Windows\MEMORY.DMP
2014-03-08 21:59 - 2012-05-03 19:09 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 21:58 - 2014-03-07 11:03 - 01956640 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 21:56 - 2012-03-15 13:54 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Skype
2014-03-08 21:55 - 2014-03-06 20:50 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-08 21:55 - 2012-03-19 18:04 - 00000000 ___RD () C:\Users\Ed\Dropbox
2014-03-08 21:54 - 2014-03-08 21:54 - 00262144 _____ () C:\Windows\Minidump\030814-15366-01.dmp
2014-03-08 21:54 - 2014-03-07 08:17 - 00000672 _____ () C:\Windows\setupact.log
2014-03-08 21:54 - 2011-10-29 13:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 21:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 21:49 - 2014-03-08 21:49 - 00262144 _____ () C:\Windows\Minidump\030814-16208-01.dmp
2014-03-08 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 21:45 - 2014-03-08 21:43 - 00695168 _____ () C:\Windows\Minidump\030814-17472-01.dmp
2014-03-08 21:43 - 2011-10-29 13:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 22:43 - 2012-04-24 06:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 22:32 - 2013-08-30 00:34 - 00000000 ____D () C:\Users\Ed\Desktop\Sarajevo
2014-03-07 21:49 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 21:49 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 21:41 - 2014-03-07 21:41 - 00262144 _____ () C:\Windows\Minidump\030714-25178-01.dmp
2014-03-07 21:02 - 2014-03-07 21:02 - 00262144 _____ () C:\Windows\Minidump\030714-18985-01.dmp
2014-03-07 19:08 - 2014-03-07 19:08 - 00262144 _____ () C:\Windows\Minidump\030714-20966-01.dmp
2014-03-07 18:49 - 2014-03-07 18:49 - 00262144 _____ () C:\Windows\Minidump\030714-26894-01.dmp
2014-03-07 18:47 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-07 18:24 - 2012-04-24 06:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 18:20 - 2011-10-29 13:47 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-07 18:20 - 2011-10-29 13:47 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-07 18:19 - 2012-12-19 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-07 18:19 - 2012-03-15 13:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 18:19 - 2012-03-15 13:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 18:18 - 2014-03-07 10:46 - 00001716 _____ () C:\Windows\PFRO.log
2014-03-07 18:15 - 2014-03-07 18:15 - 00031945 _____ () C:\Users\Ed\Desktop\combofix.txt
2014-03-07 17:55 - 2014-03-07 17:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 17:53 - 2011-10-29 09:10 - 00000000 ____D () C:\Users\Ed
2014-03-07 17:33 - 2014-03-07 17:33 - 00000000 ____D () C:\Users\Ed\Desktop\crime zone
2014-03-07 17:32 - 2014-03-07 17:32 - 00262144 _____ () C:\Windows\Minidump\030714-19983-01.dmp
2014-03-07 15:44 - 2014-03-07 15:44 - 00051301 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-03-07 15:44 - 2014-03-07 15:43 - 00039693 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 15:43 - 2014-03-07 15:42 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 15:36 - 2014-03-07 15:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 12:36 - 2014-03-07 14:07 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 11:30 - 2013-12-07 11:29 - 00000000 ____D () C:\Users\Ed\Documents\Leica Geosystems
2014-03-07 11:05 - 2014-03-07 11:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 08:17 - 2014-03-07 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 01:13 - 2014-03-07 01:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 01:09 - 2013-11-21 02:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 00:53 - 2014-03-07 00:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-07 00:38 - 2012-04-30 15:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-07 00:38 - 2012-03-04 19:16 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\DAEMON Tools Lite
2014-03-07 00:38 - 2011-11-14 08:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-07 00:38 - 2011-11-10 18:21 - 00000000 ____D () C:\Users\Ed\Tracing
2014-03-07 00:37 - 2011-07-21 09:56 - 00000000 ____D () C:\Windows\Panther
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2011-12-05 08:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-06 20:49 - 2014-03-06 20:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 20:49 - 2014-03-06 19:57 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-02-28 12:31 - 2012-05-13 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 23:02 - 2014-02-27 02:10 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-27 12:00 - 2014-02-24 17:03 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 16:59 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2
2014-02-24 16:08 - 2013-12-12 10:33 - 00000000 ____D () C:\Users\Ed\Desktop\cyclone databases

ZeroAccess:
C:\Users\Ed\AppData\Local\{cecadfe1-30ee-addb-8e73-be628d393988}

Alureon:
C:\Users\Ed\AppData\Local\Temp\sxipdxe\sqvqvef\wow.dll

Files to move or delete:
====================
C:\ProgramData\i2eljwf.bxx
C:\ProgramData\i2eljwf.fvv
C:\ProgramData\i2eljwf.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-03-07 21:32

==================== End Of Log ============================



#10 aharonov

  • Malware Response Team

Posted 10 March 2014 - 05:07 AM

Still some work to do..


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow a reboot if requested.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

  • Start Malwarebytes Anti-Malware with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 

 

 

Step 3

Start FRST with administrator privileges.

  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#11 e5569

  • Topic Starter

Posted 10 March 2014 - 11:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by Ed (administrator) on MININT-QOLVUQG on 10-03-2014 10:42:52
Running from C:\Users\Ed\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe
(Leica Geosystems ) C:\Program Files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Versant Corporation) C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194432 2011-12-12] (DivX, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-02-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-19] (NVIDIA Corporation)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {6E13D095-45C3-4271-9475-F3B48227DD9F} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LeicaGeosystems.Truview.BHOIEContextMenu - {bf06358f-9f26-4fd8-be6f-553ba6bf665b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ed\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Yahoo! Toolbar - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-02]
FF Extension: Windows SideShow - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{E94DE9CE-3FF8-64C4-DC0F-D7FA54835A4C} [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-07]
CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1161072 2012-03-29] (Lavasoft Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 CycloneLicenseServer; C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe [1077520 2012-12-05] ()
R2 cyclonepceservice.Service; C:\Program Files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe [111616 2012-12-05] (Leica Geosystems )
R2 Leica HDS Server; C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe [550912 2012-12-05] (Versant Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQL$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2804280 2011-05-17] (Sunbelt Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 ati2mtaa; %systemroot%\system32\dlcg_device.dll [X]
S4 BUFADPT; %systemroot%\system32\lightscribeservice.dll [X]
S4 ctxcpusched; %systemroot%\system32\dac2w2k.dll [X]
S4 eloggersvc6; %systemroot%\system32\USBDongle.dll [X]
S4 HSFHWICH; %systemroot%\system32\hpzius12.dll [X]
S4 incdfs; %systemroot%\system32\rdpcdd.dll [X]
S4 Intel_MIPMNMP; %systemroot%\system32\avhook.dll [X]
S4 ipcsvc; %systemroot%\system32\incdrm.dll [X]
S4 ivscheduler; %systemroot%\system32\ofcpfwsvc.dll [X]
S4 MaRdPnp; %systemroot%\system32\DgiVecp.dll [X]
S4 MQAC; %systemroot%\system32\dcomlaunch.dll [X]
S4 NWDNS; %systemroot%\system32\statusagent4.dll [X]
S4 ovt519; %systemroot%\system32\enxpsvc.dll [X]
S4 samfilt; %systemroot%\system32\orbpvr.dll [X]
S4 spupdsvc; %systemroot%\system32\btwdins.dll [X]
S4 TPwSav; %systemroot%\system32\http.dll [X]
S4 USBDongle; %systemroot%\system32\VAIOMediaPlatform-VideoServer-UPnP.dll [X]
S4 UWProSys; %systemroot%\system32\MpFilter.dll [X]
S4 vaiomediaplatform-videoserver-appserver; %systemroot%\system32\sgeclient.dll [X]
S4 vmkbd2; %systemroot%\system32\ctdvda2k.dll [X]
S4 vmodem; %systemroot%\system32\kbfiltr.dll [X]
S4 winpower; %systemroot%\system32\beatjamupnpmusicserver.dll [X]
S4 wpshelper; %systemroot%\system32\a016mdfl.dll [X]
S4 XDva004; %systemroot%\system32\lvhidsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-04] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\AE0B.tmp [6144 2011-05-12] (Sophos Plc)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 __SHD () C:\Users\Ed\Documents\cache
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\webex
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-03-10 09:14 - 2014-03-10 09:14 - 00258928 _____ (Cisco WebEx LLC) C:\Users\Ed\Downloads\Cisco_WebEx_Add-On.exe
2014-03-10 09:06 - 2014-03-10 09:06 - 00695168 _____ () C:\Windows\Minidump\031014-19188-01.dmp
2014-03-09 20:55 - 2014-03-09 20:55 - 00000922 _____ () C:\Users\Ed\Desktop\Windows Mobile Device Center.lnk
2014-03-09 20:55 - 2014-03-09 20:55 - 00000818 _____ () C:\Users\Ed\Desktop\Documents on Ed's Device.LNK
2014-03-09 20:55 - 2014-03-09 20:55 - 00000000 ____D () C:\Users\Ed\Documents\Documents on Ed's Device
2014-03-09 20:41 - 2014-03-09 20:42 - 13054856 _____ (Microsoft Corporation) C:\Users\Ed\Downloads\drvupdate-amd64.exe
2014-03-09 20:33 - 2014-03-09 20:33 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-03-09 20:18 - 2014-03-09 20:18 - 00262144 _____ () C:\Windows\Minidump\030914-14976-01.dmp
2014-03-09 18:26 - 2014-03-09 18:26 - 00262144 _____ () C:\Windows\Minidump\030914-36270-01.dmp
2014-03-09 18:20 - 2014-03-09 18:21 - 00262144 _____ () C:\Windows\Minidump\030914-37845-01.dmp
2014-03-09 18:13 - 2014-03-09 18:13 - 00262144 _____ () C:\Windows\Minidump\030914-36831-01.dmp
2014-03-09 18:06 - 2014-03-09 18:06 - 00035964 _____ () C:\Users\Ed\Desktop\FRST1.txt
2014-03-09 18:02 - 2014-03-10 10:42 - 00017055 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-03-09 18:02 - 2014-03-09 18:58 - 02157056 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2014-03-08 22:45 - 2014-03-08 22:45 - 00028623 _____ () C:\ComboFix.txt
2014-03-08 22:07 - 2014-03-08 22:07 - 05187267 ____R (Swearware) C:\Users\Ed\Downloads\ComboFix.exe
2014-03-08 21:59 - 2014-03-08 21:59 - 00262144 _____ () C:\Windows\Minidump\030814-12760-01.dmp
2014-03-08 21:54 - 2014-03-08 21:54 - 00262144 _____ () C:\Windows\Minidump\030814-15366-01.dmp
2014-03-08 21:49 - 2014-03-08 21:49 - 00262144 _____ () C:\Windows\Minidump\030814-16208-01.dmp
2014-03-08 21:43 - 2014-03-08 21:45 - 00695168 _____ () C:\Windows\Minidump\030814-17472-01.dmp
2014-03-07 21:41 - 2014-03-07 21:41 - 00262144 _____ () C:\Windows\Minidump\030714-25178-01.dmp
2014-03-07 21:02 - 2014-03-07 21:02 - 00262144 _____ () C:\Windows\Minidump\030714-18985-01.dmp
2014-03-07 19:08 - 2014-03-07 19:08 - 00262144 _____ () C:\Windows\Minidump\030714-20966-01.dmp
2014-03-07 18:49 - 2014-03-07 18:49 - 00262144 _____ () C:\Windows\Minidump\030714-26894-01.dmp
2014-03-07 18:15 - 2014-03-07 18:15 - 00031945 _____ () C:\Users\Ed\Desktop\combofix.txt
2014-03-07 17:33 - 2014-03-07 17:33 - 00000000 ____D () C:\Users\Ed\Desktop\crime zone
2014-03-07 17:32 - 2014-03-07 17:32 - 00262144 _____ () C:\Windows\Minidump\030714-19983-01.dmp
2014-03-07 17:30 - 2014-03-08 22:45 - 00000000 ____D () C:\Qoobox
2014-03-07 17:30 - 2014-03-07 17:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 17:30 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-07 17:30 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-07 17:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-07 15:44 - 2014-03-07 15:44 - 00051301 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-03-07 15:43 - 2014-03-10 10:42 - 00000000 ____D () C:\FRST
2014-03-07 15:43 - 2014-03-07 15:44 - 00039693 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 15:42 - 2014-03-07 15:43 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 15:36 - 2014-03-07 15:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 14:07 - 2014-03-07 12:36 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 11:05 - 2014-03-07 11:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 11:03 - 2014-03-09 23:49 - 01463511 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 10:46 - 2014-03-09 20:43 - 00004112 _____ () C:\Windows\PFRO.log
2014-03-07 08:17 - 2014-03-10 09:06 - 00001504 _____ () C:\Windows\setupact.log
2014-03-07 08:17 - 2014-03-07 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 01:13 - 2014-03-10 09:06 - 716053289 _____ () C:\Windows\MEMORY.DMP
2014-03-07 01:13 - 2014-03-07 01:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 00:53 - 2014-03-07 00:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 20:50 - 2014-03-10 09:07 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-06 20:49 - 2014-03-06 20:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 19:57 - 2014-03-06 20:49 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-02-27 02:10 - 2014-02-27 23:02 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-24 17:03 - 2014-02-27 12:00 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 16:59 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2

==================== One Month Modified Files and Folders =======

2014-03-10 10:43 - 2012-04-24 06:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 10:42 - 2014-03-09 18:02 - 00017055 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-03-10 10:42 - 2014-03-07 15:43 - 00000000 ____D () C:\FRST
2014-03-10 10:28 - 2012-03-15 13:54 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Skype
2014-03-10 10:25 - 2011-10-29 13:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 10:20 - 2012-06-25 15:07 - 00000000 ____D () C:\Users\Ed\Desktop\Spyware Tools
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 __SHD () C:\Users\Ed\Documents\cache
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\webex
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-03-10 09:15 - 2011-11-04 21:39 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Mozilla
2014-03-10 09:14 - 2014-03-10 09:14 - 00258928 _____ (Cisco WebEx LLC) C:\Users\Ed\Downloads\Cisco_WebEx_Add-On.exe
2014-03-10 09:13 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 09:13 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 09:10 - 2009-07-14 00:13 - 00871470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 09:07 - 2014-03-06 20:50 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-10 09:07 - 2012-03-19 18:04 - 00000000 ___RD () C:\Users\Ed\Dropbox
2014-03-10 09:07 - 2012-03-19 18:02 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Dropbox
2014-03-10 09:06 - 2014-03-10 09:06 - 00695168 _____ () C:\Windows\Minidump\031014-19188-01.dmp
2014-03-10 09:06 - 2014-03-07 08:17 - 00001504 _____ () C:\Windows\setupact.log
2014-03-10 09:06 - 2014-03-07 01:13 - 716053289 _____ () C:\Windows\MEMORY.DMP
2014-03-10 09:06 - 2012-05-03 19:09 - 00000000 ____D () C:\Windows\Minidump
2014-03-10 09:06 - 2011-10-29 13:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 09:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:49 - 2014-03-07 11:03 - 01463511 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 21:16 - 2013-11-21 01:59 - 00000000 ____D () C:\Users\Ed\Desktop\from thumb
2014-03-09 20:55 - 2014-03-09 20:55 - 00000922 _____ () C:\Users\Ed\Desktop\Windows Mobile Device Center.lnk
2014-03-09 20:55 - 2014-03-09 20:55 - 00000818 _____ () C:\Users\Ed\Desktop\Documents on Ed's Device.LNK
2014-03-09 20:55 - 2014-03-09 20:55 - 00000000 ____D () C:\Users\Ed\Documents\Documents on Ed's Device
2014-03-09 20:43 - 2014-03-07 10:46 - 00004112 _____ () C:\Windows\PFRO.log
2014-03-09 20:42 - 2014-03-09 20:41 - 13054856 _____ (Microsoft Corporation) C:\Users\Ed\Downloads\drvupdate-amd64.exe
2014-03-09 20:33 - 2014-03-09 20:33 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-03-09 20:23 - 2012-04-24 06:57 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-09 20:21 - 2013-01-28 21:36 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Electronic Arts
2014-03-09 20:20 - 2011-11-14 08:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-09 20:18 - 2014-03-09 20:18 - 00262144 _____ () C:\Windows\Minidump\030914-14976-01.dmp
2014-03-09 18:58 - 2014-03-09 18:02 - 02157056 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2014-03-09 18:26 - 2014-03-09 18:26 - 00262144 _____ () C:\Windows\Minidump\030914-36270-01.dmp
2014-03-09 18:21 - 2014-03-09 18:20 - 00262144 _____ () C:\Windows\Minidump\030914-37845-01.dmp
2014-03-09 18:13 - 2014-03-09 18:13 - 00262144 _____ () C:\Windows\Minidump\030914-36831-01.dmp
2014-03-09 18:06 - 2014-03-09 18:06 - 00035964 _____ () C:\Users\Ed\Desktop\FRST1.txt
2014-03-09 14:35 - 2012-12-07 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-08 22:53 - 2013-05-05 20:21 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\vlc
2014-03-08 22:45 - 2014-03-08 22:45 - 00028623 _____ () C:\ComboFix.txt
2014-03-08 22:45 - 2014-03-07 17:30 - 00000000 ____D () C:\Qoobox
2014-03-08 22:43 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-08 22:42 - 2011-10-29 14:27 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Apple Computer
2014-03-08 22:42 - 2011-10-29 09:11 - 00000000 ___RD () C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 22:07 - 2014-03-08 22:07 - 05187267 ____R (Swearware) C:\Users\Ed\Downloads\ComboFix.exe
2014-03-08 21:59 - 2014-03-08 21:59 - 00262144 _____ () C:\Windows\Minidump\030814-12760-01.dmp
2014-03-08 21:54 - 2014-03-08 21:54 - 00262144 _____ () C:\Windows\Minidump\030814-15366-01.dmp
2014-03-08 21:49 - 2014-03-08 21:49 - 00262144 _____ () C:\Windows\Minidump\030814-16208-01.dmp
2014-03-08 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 21:45 - 2014-03-08 21:43 - 00695168 _____ () C:\Windows\Minidump\030814-17472-01.dmp
2014-03-07 22:32 - 2013-08-30 00:34 - 00000000 ____D () C:\Users\Ed\Desktop\Sarajevo
2014-03-07 21:41 - 2014-03-07 21:41 - 00262144 _____ () C:\Windows\Minidump\030714-25178-01.dmp
2014-03-07 21:02 - 2014-03-07 21:02 - 00262144 _____ () C:\Windows\Minidump\030714-18985-01.dmp
2014-03-07 19:08 - 2014-03-07 19:08 - 00262144 _____ () C:\Windows\Minidump\030714-20966-01.dmp
2014-03-07 18:49 - 2014-03-07 18:49 - 00262144 _____ () C:\Windows\Minidump\030714-26894-01.dmp
2014-03-07 18:47 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-07 18:24 - 2012-04-24 06:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 18:20 - 2011-10-29 13:47 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-07 18:20 - 2011-10-29 13:47 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-07 18:19 - 2012-12-19 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-07 18:19 - 2012-03-15 13:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 18:19 - 2012-03-15 13:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 18:15 - 2014-03-07 18:15 - 00031945 _____ () C:\Users\Ed\Desktop\combofix.txt
2014-03-07 17:55 - 2014-03-07 17:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 17:53 - 2011-10-29 09:10 - 00000000 ____D () C:\Users\Ed
2014-03-07 17:33 - 2014-03-07 17:33 - 00000000 ____D () C:\Users\Ed\Desktop\crime zone
2014-03-07 17:32 - 2014-03-07 17:32 - 00262144 _____ () C:\Windows\Minidump\030714-19983-01.dmp
2014-03-07 15:44 - 2014-03-07 15:44 - 00051301 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-03-07 15:44 - 2014-03-07 15:43 - 00039693 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 15:43 - 2014-03-07 15:42 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 15:36 - 2014-03-07 15:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 12:36 - 2014-03-07 14:07 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 11:30 - 2013-12-07 11:29 - 00000000 ____D () C:\Users\Ed\Documents\Leica Geosystems
2014-03-07 11:05 - 2014-03-07 11:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 08:17 - 2014-03-07 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 01:13 - 2014-03-07 01:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 01:09 - 2013-11-21 02:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 00:53 - 2014-03-07 00:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-07 00:38 - 2012-04-30 15:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-07 00:38 - 2012-03-04 19:16 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\DAEMON Tools Lite
2014-03-07 00:38 - 2011-11-10 18:21 - 00000000 ____D () C:\Users\Ed\Tracing
2014-03-07 00:37 - 2011-07-21 09:56 - 00000000 ____D () C:\Windows\Panther
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2011-12-05 08:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-06 20:49 - 2014-03-06 20:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 20:49 - 2014-03-06 19:57 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-02-28 12:31 - 2012-05-13 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 23:02 - 2014-02-27 02:10 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-27 12:00 - 2014-02-24 17:03 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 16:59 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2
2014-02-24 16:08 - 2013-12-12 10:33 - 00000000 ____D () C:\Users\Ed\Desktop\cyclone databases

ZeroAccess:
C:\Users\Ed\AppData\Local\{cecadfe1-30ee-addb-8e73-be628d393988}

Files to move or delete:
====================
C:\ProgramData\i2eljwf.bxx
C:\ProgramData\i2eljwf.fvv
C:\ProgramData\i2eljwf.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-03-07 21:32

==================== End Of Log ============================



#12 e5569


Posted 10 March 2014 - 12:55 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ed :: MININT-QOLVUQG [administrator]

3/10/2014 11:29:26 AM
mbam-log-2014-03-10 (11-29-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236771
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)



#13 e5569


Posted 10 March 2014 - 01:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by Ed (administrator) on MININT-QOLVUQG on 10-03-2014 12:57:19
Running from C:\Users\Ed\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe
(Leica Geosystems ) C:\Program Files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Versant Corporation) C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194432 2011-12-12] (DivX, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3809163117-2575297278-2665058674-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-02-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-19] (NVIDIA Corporation)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {6E13D095-45C3-4271-9475-F3B48227DD9F} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LeicaGeosystems.Truview.BHOIEContextMenu - {bf06358f-9f26-4fd8-be6f-553ba6bf665b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://client.vpn.lsu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ed\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ed\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Yahoo! Toolbar - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-02]
FF Extension: Windows SideShow - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\xf8g1e7x.default\Extensions\{E94DE9CE-3FF8-64C4-DC0F-D7FA54835A4C} [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-07]
CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

S4 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1161072 2012-03-29] (Lavasoft Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 CycloneLicenseServer; C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe [1077520 2012-12-05] ()
R2 cyclonepceservice.Service; C:\Program Files\Leica Geosystems\Cyclone\pcebin\cyclonepceservice.exe [111616 2012-12-05] (Leica Geosystems )
R2 Leica HDS Server; C:\Program Files\Leica Geosystems\Cyclone\FastObjectsServer64.exe [550912 2012-12-05] (Versant Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQL$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2804280 2011-05-17] (Sunbelt Software)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLCADZONE2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLCADZONE2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 ati2mtaa; %systemroot%\system32\dlcg_device.dll [X]
S4 BUFADPT; %systemroot%\system32\lightscribeservice.dll [X]
S4 ctxcpusched; %systemroot%\system32\dac2w2k.dll [X]
S4 eloggersvc6; %systemroot%\system32\USBDongle.dll [X]
S4 HSFHWICH; %systemroot%\system32\hpzius12.dll [X]
S4 incdfs; %systemroot%\system32\rdpcdd.dll [X]
S4 Intel_MIPMNMP; %systemroot%\system32\avhook.dll [X]
S4 ipcsvc; %systemroot%\system32\incdrm.dll [X]
S4 ivscheduler; %systemroot%\system32\ofcpfwsvc.dll [X]
S4 MaRdPnp; %systemroot%\system32\DgiVecp.dll [X]
S4 MQAC; %systemroot%\system32\dcomlaunch.dll [X]
S4 NWDNS; %systemroot%\system32\statusagent4.dll [X]
S4 ovt519; %systemroot%\system32\enxpsvc.dll [X]
S4 samfilt; %systemroot%\system32\orbpvr.dll [X]
S4 spupdsvc; %systemroot%\system32\btwdins.dll [X]
S4 TPwSav; %systemroot%\system32\http.dll [X]
S4 USBDongle; %systemroot%\system32\VAIOMediaPlatform-VideoServer-UPnP.dll [X]
S4 UWProSys; %systemroot%\system32\MpFilter.dll [X]
S4 vaiomediaplatform-videoserver-appserver; %systemroot%\system32\sgeclient.dll [X]
S4 vmkbd2; %systemroot%\system32\ctdvda2k.dll [X]
S4 vmodem; %systemroot%\system32\kbfiltr.dll [X]
S4 winpower; %systemroot%\system32\beatjamupnpmusicserver.dll [X]
S4 wpshelper; %systemroot%\system32\a016mdfl.dll [X]
S4 XDva004; %systemroot%\system32\lvhidsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-04] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\AE0B.tmp [6144 2011-05-12] (Sophos Plc)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-10 12:33 - 2014-03-10 12:34 - 00262144 _____ () C:\Windows\Minidump\031014-17924-01.dmp
2014-03-10 11:56 - 2014-03-10 11:56 - 00262144 _____ () C:\Windows\Minidump\031014-21372-01.dmp
2014-03-10 11:20 - 2014-03-10 11:20 - 00262144 _____ () C:\Windows\Minidump\031014-17565-01.dmp
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 __SHD () C:\Users\Ed\Documents\cache
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\webex
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-03-10 09:14 - 2014-03-10 09:14 - 00258928 _____ (Cisco WebEx LLC) C:\Users\Ed\Downloads\Cisco_WebEx_Add-On.exe
2014-03-10 09:06 - 2014-03-10 09:06 - 00695168 _____ () C:\Windows\Minidump\031014-19188-01.dmp
2014-03-09 20:55 - 2014-03-09 20:55 - 00000922 _____ () C:\Users\Ed\Desktop\Windows Mobile Device Center.lnk
2014-03-09 20:55 - 2014-03-09 20:55 - 00000818 _____ () C:\Users\Ed\Desktop\Documents on Ed's Device.LNK
2014-03-09 20:55 - 2014-03-09 20:55 - 00000000 ____D () C:\Users\Ed\Documents\Documents on Ed's Device
2014-03-09 20:41 - 2014-03-09 20:42 - 13054856 _____ (Microsoft Corporation) C:\Users\Ed\Downloads\drvupdate-amd64.exe
2014-03-09 20:33 - 2014-03-09 20:33 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-03-09 20:18 - 2014-03-09 20:18 - 00262144 _____ () C:\Windows\Minidump\030914-14976-01.dmp
2014-03-09 18:26 - 2014-03-09 18:26 - 00262144 _____ () C:\Windows\Minidump\030914-36270-01.dmp
2014-03-09 18:20 - 2014-03-09 18:21 - 00262144 _____ () C:\Windows\Minidump\030914-37845-01.dmp
2014-03-09 18:13 - 2014-03-09 18:13 - 00262144 _____ () C:\Windows\Minidump\030914-36831-01.dmp
2014-03-09 18:06 - 2014-03-09 18:06 - 00035964 _____ () C:\Users\Ed\Desktop\FRST1.txt
2014-03-09 18:02 - 2014-03-10 12:57 - 00025133 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-03-09 18:02 - 2014-03-09 18:58 - 02157056 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2014-03-08 22:45 - 2014-03-08 22:45 - 00028623 _____ () C:\ComboFix.txt
2014-03-08 22:07 - 2014-03-08 22:07 - 05187267 ____R (Swearware) C:\Users\Ed\Downloads\ComboFix.exe
2014-03-08 21:59 - 2014-03-08 21:59 - 00262144 _____ () C:\Windows\Minidump\030814-12760-01.dmp
2014-03-08 21:54 - 2014-03-08 21:54 - 00262144 _____ () C:\Windows\Minidump\030814-15366-01.dmp
2014-03-08 21:49 - 2014-03-08 21:49 - 00262144 _____ () C:\Windows\Minidump\030814-16208-01.dmp
2014-03-08 21:43 - 2014-03-08 21:45 - 00695168 _____ () C:\Windows\Minidump\030814-17472-01.dmp
2014-03-07 21:41 - 2014-03-07 21:41 - 00262144 _____ () C:\Windows\Minidump\030714-25178-01.dmp
2014-03-07 21:02 - 2014-03-07 21:02 - 00262144 _____ () C:\Windows\Minidump\030714-18985-01.dmp
2014-03-07 19:08 - 2014-03-07 19:08 - 00262144 _____ () C:\Windows\Minidump\030714-20966-01.dmp
2014-03-07 18:49 - 2014-03-07 18:49 - 00262144 _____ () C:\Windows\Minidump\030714-26894-01.dmp
2014-03-07 18:15 - 2014-03-07 18:15 - 00031945 _____ () C:\Users\Ed\Desktop\combofix.txt
2014-03-07 17:33 - 2014-03-07 17:33 - 00000000 ____D () C:\Users\Ed\Desktop\crime zone
2014-03-07 17:32 - 2014-03-07 17:32 - 00262144 _____ () C:\Windows\Minidump\030714-19983-01.dmp
2014-03-07 17:30 - 2014-03-08 22:45 - 00000000 ____D () C:\Qoobox
2014-03-07 17:30 - 2014-03-07 17:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 17:30 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-07 17:30 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-07 17:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-07 17:30 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-07 15:44 - 2014-03-07 15:44 - 00051301 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-03-07 15:43 - 2014-03-10 12:57 - 00000000 ____D () C:\FRST
2014-03-07 15:43 - 2014-03-07 15:44 - 00039693 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 15:42 - 2014-03-07 15:43 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 15:36 - 2014-03-07 15:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 14:07 - 2014-03-07 12:36 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 11:05 - 2014-03-07 11:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 11:03 - 2014-03-10 12:37 - 01477566 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 10:46 - 2014-03-09 20:43 - 00004112 _____ () C:\Windows\PFRO.log
2014-03-07 08:17 - 2014-03-10 12:33 - 00001672 _____ () C:\Windows\setupact.log
2014-03-07 08:17 - 2014-03-07 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 01:13 - 2014-03-10 12:33 - 569360671 _____ () C:\Windows\MEMORY.DMP
2014-03-07 01:13 - 2014-03-07 01:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 00:53 - 2014-03-07 00:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 20:50 - 2014-03-10 12:35 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-06 20:49 - 2014-03-06 20:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 19:57 - 2014-03-06 20:49 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-02-27 02:10 - 2014-02-27 23:02 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-24 17:03 - 2014-02-27 12:00 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 16:59 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2

==================== One Month Modified Files and Folders =======

2014-03-10 12:57 - 2014-03-09 18:02 - 00025133 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-03-10 12:57 - 2014-03-07 15:43 - 00000000 ____D () C:\FRST
2014-03-10 12:43 - 2012-04-24 06:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 12:41 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 12:41 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 12:38 - 2009-07-14 00:13 - 00871470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 12:37 - 2014-03-07 11:03 - 01477566 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 12:35 - 2014-03-06 20:50 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashDumps
2014-03-10 12:35 - 2012-03-19 18:04 - 00000000 ___RD () C:\Users\Ed\Dropbox
2014-03-10 12:35 - 2012-03-19 18:02 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Dropbox
2014-03-10 12:35 - 2012-03-15 13:54 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Skype
2014-03-10 12:34 - 2014-03-10 12:33 - 00262144 _____ () C:\Windows\Minidump\031014-17924-01.dmp
2014-03-10 12:34 - 2011-10-29 13:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 12:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 12:33 - 2014-03-07 08:17 - 00001672 _____ () C:\Windows\setupact.log
2014-03-10 12:33 - 2014-03-07 01:13 - 569360671 _____ () C:\Windows\MEMORY.DMP
2014-03-10 12:33 - 2012-05-03 19:09 - 00000000 ____D () C:\Windows\Minidump
2014-03-10 12:25 - 2011-10-29 13:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 11:56 - 2014-03-10 11:56 - 00262144 _____ () C:\Windows\Minidump\031014-21372-01.dmp
2014-03-10 11:20 - 2014-03-10 11:20 - 00262144 _____ () C:\Windows\Minidump\031014-17565-01.dmp
2014-03-10 10:20 - 2012-06-25 15:07 - 00000000 ____D () C:\Users\Ed\Desktop\Spyware Tools
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 __SHD () C:\Users\Ed\Documents\cache
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\webex
2014-03-10 09:15 - 2014-03-10 09:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-03-10 09:15 - 2011-11-04 21:39 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Mozilla
2014-03-10 09:14 - 2014-03-10 09:14 - 00258928 _____ (Cisco WebEx LLC) C:\Users\Ed\Downloads\Cisco_WebEx_Add-On.exe
2014-03-10 09:06 - 2014-03-10 09:06 - 00695168 _____ () C:\Windows\Minidump\031014-19188-01.dmp
2014-03-09 21:16 - 2013-11-21 01:59 - 00000000 ____D () C:\Users\Ed\Desktop\from thumb
2014-03-09 20:55 - 2014-03-09 20:55 - 00000922 _____ () C:\Users\Ed\Desktop\Windows Mobile Device Center.lnk
2014-03-09 20:55 - 2014-03-09 20:55 - 00000818 _____ () C:\Users\Ed\Desktop\Documents on Ed's Device.LNK
2014-03-09 20:55 - 2014-03-09 20:55 - 00000000 ____D () C:\Users\Ed\Documents\Documents on Ed's Device
2014-03-09 20:43 - 2014-03-07 10:46 - 00004112 _____ () C:\Windows\PFRO.log
2014-03-09 20:42 - 2014-03-09 20:41 - 13054856 _____ (Microsoft Corporation) C:\Users\Ed\Downloads\drvupdate-amd64.exe
2014-03-09 20:33 - 2014-03-09 20:33 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-03-09 20:23 - 2012-04-24 06:57 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-09 20:21 - 2013-01-28 21:36 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Electronic Arts
2014-03-09 20:20 - 2011-11-14 08:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-09 20:18 - 2014-03-09 20:18 - 00262144 _____ () C:\Windows\Minidump\030914-14976-01.dmp
2014-03-09 18:58 - 2014-03-09 18:02 - 02157056 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2014-03-09 18:26 - 2014-03-09 18:26 - 00262144 _____ () C:\Windows\Minidump\030914-36270-01.dmp
2014-03-09 18:21 - 2014-03-09 18:20 - 00262144 _____ () C:\Windows\Minidump\030914-37845-01.dmp
2014-03-09 18:13 - 2014-03-09 18:13 - 00262144 _____ () C:\Windows\Minidump\030914-36831-01.dmp
2014-03-09 18:06 - 2014-03-09 18:06 - 00035964 _____ () C:\Users\Ed\Desktop\FRST1.txt
2014-03-09 14:35 - 2012-12-07 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-08 22:53 - 2013-05-05 20:21 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\vlc
2014-03-08 22:45 - 2014-03-08 22:45 - 00028623 _____ () C:\ComboFix.txt
2014-03-08 22:45 - 2014-03-07 17:30 - 00000000 ____D () C:\Qoobox
2014-03-08 22:43 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-08 22:42 - 2011-10-29 14:27 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Apple Computer
2014-03-08 22:42 - 2011-10-29 09:11 - 00000000 ___RD () C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 22:07 - 2014-03-08 22:07 - 05187267 ____R (Swearware) C:\Users\Ed\Downloads\ComboFix.exe
2014-03-08 21:59 - 2014-03-08 21:59 - 00262144 _____ () C:\Windows\Minidump\030814-12760-01.dmp
2014-03-08 21:54 - 2014-03-08 21:54 - 00262144 _____ () C:\Windows\Minidump\030814-15366-01.dmp
2014-03-08 21:49 - 2014-03-08 21:49 - 00262144 _____ () C:\Windows\Minidump\030814-16208-01.dmp
2014-03-08 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 21:45 - 2014-03-08 21:43 - 00695168 _____ () C:\Windows\Minidump\030814-17472-01.dmp
2014-03-07 22:32 - 2013-08-30 00:34 - 00000000 ____D () C:\Users\Ed\Desktop\Sarajevo
2014-03-07 21:41 - 2014-03-07 21:41 - 00262144 _____ () C:\Windows\Minidump\030714-25178-01.dmp
2014-03-07 21:02 - 2014-03-07 21:02 - 00262144 _____ () C:\Windows\Minidump\030714-18985-01.dmp
2014-03-07 19:08 - 2014-03-07 19:08 - 00262144 _____ () C:\Windows\Minidump\030714-20966-01.dmp
2014-03-07 18:49 - 2014-03-07 18:49 - 00262144 _____ () C:\Windows\Minidump\030714-26894-01.dmp
2014-03-07 18:47 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-07 18:24 - 2012-04-24 06:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 18:20 - 2011-10-29 13:47 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-07 18:20 - 2011-10-29 13:47 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-07 18:19 - 2012-12-19 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-07 18:19 - 2012-03-15 13:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 18:19 - 2012-03-15 13:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 18:15 - 2014-03-07 18:15 - 00031945 _____ () C:\Users\Ed\Desktop\combofix.txt
2014-03-07 17:55 - 2014-03-07 17:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 17:53 - 2011-10-29 09:10 - 00000000 ____D () C:\Users\Ed
2014-03-07 17:33 - 2014-03-07 17:33 - 00000000 ____D () C:\Users\Ed\Desktop\crime zone
2014-03-07 17:32 - 2014-03-07 17:32 - 00262144 _____ () C:\Windows\Minidump\030714-19983-01.dmp
2014-03-07 15:44 - 2014-03-07 15:44 - 00051301 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-03-07 15:44 - 2014-03-07 15:43 - 00039693 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-03-07 15:43 - 2014-03-07 15:42 - 02156544 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2014-03-07 15:36 - 2014-03-07 15:36 - 00001720 _____ () C:\Users\Ed\Desktop\Computer.lnk
2014-03-07 12:36 - 2014-03-07 14:07 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ed\Desktop\Procmon.exe
2014-03-07 11:30 - 2013-12-07 11:29 - 00000000 ____D () C:\Users\Ed\Documents\Leica Geosystems
2014-03-07 11:05 - 2014-03-07 11:05 - 00262144 _____ () C:\Windows\Minidump\030714-17316-01.dmp
2014-03-07 08:17 - 2014-03-07 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 01:13 - 2014-03-07 01:13 - 00274640 _____ () C:\Windows\Minidump\030714-19968-01.dmp
2014-03-07 01:09 - 2013-11-21 02:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 00:53 - 2014-03-07 00:53 - 00231534 _____ () C:\Users\Ed\Documents\cc_20140306_235258.reg
2014-03-07 00:38 - 2012-04-30 15:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-07 00:38 - 2012-03-04 19:16 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\DAEMON Tools Lite
2014-03-07 00:38 - 2011-11-10 18:21 - 00000000 ____D () C:\Users\Ed\Tracing
2014-03-07 00:37 - 2011-07-21 09:56 - 00000000 ____D () C:\Windows\Panther
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2014-03-06 23:29 - 00000828 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-06 23:29 - 2011-12-05 08:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-06 20:49 - 2014-03-06 20:49 - 00003224 _____ () C:\Users\Ed\Desktop\RKreport[0]_S_03062014_194915.txt
2014-03-06 20:49 - 2014-03-06 19:57 - 00000000 ____D () C:\Users\Ed\Desktop\RK_Quarantine
2014-02-28 12:31 - 2012-05-13 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 23:02 - 2014-02-27 02:10 - 00000000 ____D () C:\Users\Ed\Desktop\true views
2014-02-27 12:00 - 2014-02-24 17:03 - 00000000 ____D () C:\Users\Ed\Desktop\c10 download
2014-02-24 16:59 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Ed\Desktop\texas2
2014-02-24 16:08 - 2013-12-12 10:33 - 00000000 ____D () C:\Users\Ed\Desktop\cyclone databases

ZeroAccess:
C:\Users\Ed\AppData\Local\{cecadfe1-30ee-addb-8e73-be628d393988}

Files to move or delete:
====================
C:\ProgramData\i2eljwf.bxx
C:\ProgramData\i2eljwf.fvv
C:\ProgramData\i2eljwf.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-03-10 11:12

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2014
Ran by Ed at 2014-03-10 12:57:34
Running from C:\Users\Ed\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Ad-Aware Antivirus (HKLM-x32\...\{cc937cbc-4be2-4227-9660-ff2f2a1d9467}) (Version: 10.0.185.3207 - Lavasoft Limited)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Crash Zone 9 (HKLM-x32\...\InstallShield_{306F3C18-8109-4186-8C96-71E8758D194D}) (Version: 9.4.81 - The CAD Zone)
Crash Zone 9 (x32 Version: 9.4.81 - The CAD Zone) Hidden
Crime Zone 9 (HKLM-x32\...\InstallShield_{680280A7-CF0C-4449-B05B-CD7C4C14A13B}) (Version: 9.4.0 - The CAD Zone)
Crime Zone 9 (x32 Version: 9.4.0 - The CAD Zone) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A606DAFB-9991-4C9F-9348-E04B5237DEB9}) (Version:  - Microsoft)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Diagram Viewer 8 (HKLM-x32\...\InstallShield_{0B67F370-8772-49D6-95C2-435BDCD03DE7}) (Version: 8.5.0 - The CAD Zone, Inc.)
Diagram Viewer 8 (x32 Version: 8.5.0 - The CAD Zone, Inc.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fire Zone 9 (HKLM-x32\...\InstallShield_{4519D428-3DFE-4FEB-A7B7-5FFFB7D24B4B}) (Version: 9.1.5 - The CAD Zone)
Fire Zone 9 (x32 Version: 9.1.5 - The CAD Zone) Hidden
First Look Pro 5 (HKLM-x32\...\InstallShield_{2925592A-74DC-49BD-B9DB-1741D3EA7C42}) (Version: 5.0.2.0 - The CAD Zone)
First Look Pro 5 (x32 Version: 5.0.2.0 - The CAD Zone) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 5.7.0.1172 (HKCU\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)
GPSBabel 1.4.2 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.208 - SurfRight B.V.)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Leica Cyclone 8.0 (HKLM-x32\...\{73A41B75-926C-43F5-B981-C633F6FB3C5C}) (Version: 8.0.0 - Leica Geosystems)
Leica pcE RunTime 2.1.0.7360 (HKLM-x32\...\InstallShield_{5A99D3FB-A210-7360-831A-49ED49A7BFC5}) (Version: 2.1.0.7360 - Leica Geosystems)
Leica pcE RunTime 2.1.0.7360 (Version: 2.1.0.7360 - Leica Geosystems) Hidden
Leica TruView 3.0 (HKLM-x32\...\{6DC0D03D-03E4-47EC-B2E0-737745088E42}) (Version: 3.0 - Leica Geosystems)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
MARPLOT Version 4.2.1 (HKLM-x32\...\MARPLOT_is1) (Version:  - NOAA,EPA)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 en-US)) (Version: 17.0.8 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 6.14.12.6721 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.9 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.2 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
The CAD Zone (HKLM\...\The CAD Zone) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

==================== Hosts content: ==========================

2014-03-07 17:55 - 2014-03-08 22:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1DE3942E-0794-44E7-B1EF-DD538CB94A3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {27E9F956-9324-4524-A4CE-A7646F687472} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-03-29] (Lavasoft Limited)
Task: {4F94CE4F-865E-4E90-AC69-F64502E067B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {632CFEFA-64F0-4E23-917B-DA0931CFDFEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {AD74EF23-6D6C-40D0-B9E5-9B912BD4338A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FaxApplications.exe_{0A4C0E57-A458-4636-9606-4239C8E092A3}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Officejet Pro 8600.exe_{8F207044-753B-47AA-97D3-914C3E9DE707}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe
Task: C:\Windows\Tasks\HPCustPartic.exe_{1945D01E-2E63-4054-BF08-2837BB8E0392}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\Windows\Tasks\ScanToPCActivationApp.exe_{F025664E-43F1-4AC3-A75E-FDD37F8498E2}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
Task: C:\Windows\Tasks\Toolbox.exe_{E4B0BAFB-855A-491F-B456-DE6581787ABA}.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\Toolbox.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-10-31 20:50 - 2010-12-10 10:24 - 00087040 _____ () C:\Windows\System32\custmon64.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-07 11:28 - 2012-12-05 16:41 - 01077520 _____ () C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe
2013-12-07 11:29 - 2013-12-07 11:29 - 00055296 _____ () C:\Windows\assembly\GAC_MSIL\LeicaGeosystems.ApiFramework.UrlTransformations\2.1.0.7360__a2d8cb243728cfa0\LeicaGeosystems.ApiFramework.UrlTransformations.dll
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Ad-Aware Service => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: ati2mtaa => 2
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: BUFADPT => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: ctxcpusched => 2
MSCONFIG\Services: cvhsvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eloggersvc6 => 2
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HSFHWICH => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: incdfs => 2
MSCONFIG\Services: Intel_MIPMNMP => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: ipcsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ivscheduler => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MaRdPnp => 2
MSCONFIG\Services: Microsoft SharePoint Workspace Audit Service => 3
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MQAC => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: MSSQL$SQLCADZONE2 => 2
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: NWDNS => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: ovt519 => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 2
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: samfilt => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SeaPort => 2
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: sftlist => 2
MSCONFIG\Services: sftvsa => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: spupdsvc => 2
MSCONFIG\Services: SQLBrowser => 2
MSCONFIG\Services: SQLWriter => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TPwSav => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: USBDongle => 2
MSCONFIG\Services: UWProSys => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: vaiomediaplatform-videoserver-appserver => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmkbd2 => 2
MSCONFIG\Services: vmodem => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: winpower => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wpshelper => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XDva004 => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^Users^Ed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2014 00:34:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: CS6ServiceManager.exe, version: 3.0.0.389, time stamp: 0x4f5a20ec
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xf7c
Faulting application start time: 0xCS6ServiceManager.exe0
Faulting application path: CS6ServiceManager.exe1
Faulting module path: CS6ServiceManager.exe2
Report Id: CS6ServiceManager.exe3

Error: (03/10/2014 00:34:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 11:57:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: CS6ServiceManager.exe, version: 3.0.0.389, time stamp: 0x4f5a20ec
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xe68
Faulting application start time: 0xCS6ServiceManager.exe0
Faulting application path: CS6ServiceManager.exe1
Faulting module path: CS6ServiceManager.exe2
Report Id: CS6ServiceManager.exe3

Error: (03/10/2014 11:56:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 11:55:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000188,0x0053c06c,0000000000331100,0,00000000003EE630,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:54:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000150,0x0053c06c,000000000032FFD0,0,00000000003EE480,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:54:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000198,0x0053c06c,000000000032DFD0,0,00000000003EE480,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:54:34 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000150,0x0053c06c,0000000000329FD0,0,00000000003EE480,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:21:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: CS6ServiceManager.exe, version: 3.0.0.389, time stamp: 0x4f5a20ec
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xf28
Faulting application start time: 0xCS6ServiceManager.exe0
Faulting application path: CS6ServiceManager.exe1
Faulting module path: CS6ServiceManager.exe2
Report Id: CS6ServiceManager.exe3

Error: (03/10/2014 11:21:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/10/2014 00:34:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/10/2014 00:34:19 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (03/10/2014 00:34:19 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (03/10/2014 00:34:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/10/2014 00:34:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/10/2014 00:34:02 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP031014-17924-01

Error: (03/10/2014 00:33:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:32:35 PM on ‎3/‎10/‎2014 was unexpected.

Error: (03/10/2014 11:56:57 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/10/2014 11:56:46 AM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (03/10/2014 11:56:46 AM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (03/10/2014 00:34:59 PM) (Source: Application Error)(User: )
Description: CS6ServiceManager.exe3.0.0.3894f5a20ecntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f7c01cf3c870b8eadd5C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exeC:\Windows\SysWOW64\ntdll.dll4d67db7a-a87a-11e3-ba26-bc77378a128f

Error: (03/10/2014 00:34:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 11:57:18 AM) (Source: Application Error)(User: )
Description: CS6ServiceManager.exe3.0.0.3894f5a20ecntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3e6801cf3c81c70c99adC:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exeC:\Windows\SysWOW64\ntdll.dll09b83a5e-a875-11e3-b7fc-bc77378a128f

Error: (03/10/2014 11:56:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 11:55:01 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000188,0x0053c06c,0000000000331100,0,00000000003EE630,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:54:52 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000150,0x0053c06c,000000000032FFD0,0,00000000003EE480,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:54:43 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000198,0x0053c06c,000000000032DFD0,0,00000000003EE480,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:54:34 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a1378618-b3a1-11e0-90b9-806e6f6e6963} - 0000000000000150,0x0053c06c,0000000000329FD0,0,00000000003EE480,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (03/10/2014 11:21:33 AM) (Source: Application Error)(User: )
Description: CS6ServiceManager.exe3.0.0.3894f5a20ecntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f2801cf3c7cc8a18361C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exeC:\Windows\SysWOW64\ntdll.dll0acacdc3-a870-11e3-ba65-bc77378a128f

Error: (03/10/2014 11:21:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-03-08 21:42:40.453
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 21:42:40.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 21:42:40.359
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 21:42:40.312
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-07 16:52:52.685
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-07 16:52:52.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8106.17 MB
Available physical RAM: 5962.1 MB
Total Pagefile: 16212.34 MB
Available Pagefile: 14021.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:684.96 GB) (Free:461.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.3 GB) NTFS
Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:1.19 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: FFA0B6ED)

Partition: GPT Partition Type.

==================== End Of Log ============================



#14 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 11 March 2014 - 06:48 AM

It looks like you've scanned twice but didn't do the fix.

Can you please repeat steps 1 and 3 from the last instructions? In step 1 you have to click the "Fix" button and not the "Scan" button. :)



#15 e5569

  • Topic Starter
  • Members
  • 31 posts

Posted 12 March 2014 - 03:13 PM

Sorry, let me see what I did wrong.





