
Malware Won't Let AV Run


10 replies to this topic

#1 chili2


Posted 10 April 2014 - 08:33 AM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/529388/malware-wont-let-antivirus-run-rkill-says-it-works-but-malware-restarts/ - Hamluis.

 

Okay, got Malwarebytes and SUPERAntiSpyware to run and both removed viruses. Rebooted and re-ran them and found no viruses. I am able to start Windows Defender, but not Security Essentials. When I try to install SE, I get an error. I googled that error and it said it was a Windows Update error. I completely updated everything in Windows but still the error:

"cannot complete security essentials installation"

error code:0X800700B7

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 1.6.0_21
Run by osigns at 6:24:01 on 2014-04-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.649 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe
C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
C:\Users\osigns\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\osigns\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\osigns\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\osigns\appdata\roaming\micros~1\windows\startm~1\programs\startup\_UNINS~1.LNK -
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with Mipony - c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{F415D676-1A76-4CE2-A1A5-E4035F60C7BD} : DHCPNameServer = 192.168.0.1 205.171.3.65
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: AutorunsDisabled - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware2\SASSEH.DLL
IFEO: blindman.exe - nqij.exe
IFEO: SDFiles.exe - nqij.exe
IFEO: SDMain.exe - nqij.exe
IFEO: SDWinSec.exe - nqij.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\osigns\appdata\roaming\mozilla\firefox\profiles\8adaulom.default-1340914065428\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
FF - user.js: extensions.shownSelectionUI - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware2\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware2\SASKUTIL.SYS [2011-7-12 67664]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-7-18 17984]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [2010-1-12 81920]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2012-1-12 70656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-7 521832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 def8540c;Winclean performap;c:\windows\system32\rundll32.exe [2009-7-13 44544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2014-1-21 29472]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-7 23456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-2-1 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-2-1 11104]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-10 1343400]
S4 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S4 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-7-21 4411248]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-09 17:35:07    --------    d-----w-    c:\users\osigns\appdata\roaming\DropboxMaster
2014-04-09 10:29:35    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{9d390176-f6e2-44aa-b9f3-15d00936fe56}\offreg.dll
2014-04-07 20:01:16    --------    d-----w-    c:\users\osigns\appdata\local\CrashDumps
2014-04-03 13:13:58    523776    ----a-w-    c:\windows\system32\vbscript.dll
2014-04-03 13:07:02    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-04-03 13:07:01    3419136    ----a-w-    c:\windows\system32\d2d1.dll
2014-04-02 21:55:16    --------    d-----w-    c:\program files\Microsoft CAPICOM 2.1.0.2
2014-04-02 21:45:06    5120    ----a-w-    c:\windows\system32\wmi.dll
2014-04-02 21:45:06    19824    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2014-04-02 21:32:57    --------    d-----w-    c:\windows\system32\MRT
2014-04-02 21:24:47    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2014-04-02 19:02:57    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-04-02 18:57:54    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-04-02 18:21:06    7969936    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{9d390176-f6e2-44aa-b9f3-15d00936fe56}\mpengine.dll
2014-04-02 15:53:55    805376    ----a-w-    c:\windows\system32\cdosys.dll
2014-04-02 15:52:19    690688    ----a-w-    c:\windows\system32\msvcrt.dll
2014-04-02 15:52:08    314880    ----a-w-    c:\windows\system32\webio.dll
2014-04-02 15:52:06    530432    ----a-w-    c:\windows\system32\comctl32.dll
2014-04-02 15:52:04    988672    ----a-w-    c:\program files\windows journal\JNTFiltr.dll
2014-04-02 15:52:04    969216    ----a-w-    c:\program files\windows journal\JNWDRV.dll
2014-04-02 15:52:04    936448    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2014-04-02 15:52:04    1221632    ----a-w-    c:\program files\windows journal\NBDoc.DLL
2014-04-02 15:50:59    1237504    ----a-w-    c:\windows\system32\msxml3.dll
2014-04-02 15:48:31    87040    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2014-04-02 15:48:31    87040    ----a-w-    c:\windows\system32\secproc_ssp.dll
2014-04-02 15:48:31    594944    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-04-02 15:48:31    572416    ----a-w-    c:\windows\system32\RMActivate.exe
2014-04-02 15:48:31    510976    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2014-04-02 15:48:31    508928    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-02 15:48:31    428032    ----a-w-    c:\windows\system32\secproc.dll
2014-04-02 15:48:31    423936    ----a-w-    c:\windows\system32\secproc_isv.dll
2014-04-02 15:48:31    390144    ----a-w-    c:\windows\system32\msdrm.dll
2014-04-02 15:48:03    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2014-04-02 15:48:03    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-04-02 15:48:03    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-04-02 15:47:59    47104    ----a-w-    c:\windows\system32\appinfo.dll
2014-04-02 15:47:59    1796096    ----a-w-    c:\windows\system32\authui.dll
2014-04-02 15:47:59    101720    ----a-w-    c:\windows\system32\consent.exe
2014-04-02 15:47:55    381440    ----a-w-    c:\windows\system32\wer.dll
2014-04-02 15:37:13    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2014-04-02 15:37:07    680960    ----a-w-    c:\program files\windows defender\MpSvc.dll
2014-04-02 15:37:06    392704    ----a-w-    c:\program files\windows defender\MpClient.dll
2014-04-02 15:37:06    224768    ----a-w-    c:\program files\windows defender\MpCommu.dll
2014-04-02 15:37:01    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-04-02 15:37:01    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-04-02 15:37:01    43520    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-04-02 15:37:01    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-04-02 15:37:01    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-04-02 15:37:01    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-04-02 15:37:01    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-04-02 14:49:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-02 14:49:32    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-04-01 20:15:04    --------    d-----w-    c:\windows\Temp2961175A-BED3-C4DB-C416-26BF07C37CA4-Signatures
2014-04-01 18:02:20    --------    d-----w-    c:\program files\SUPERAntiSpyware2
2014-04-01 14:20:12    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-04-01 13:15:38    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-01 13:12:05    --------    d-----w-    c:\users\osigns\appdata\local\temp
2014-04-01 13:08:21    --------    d-----w-    C:\Combo
2014-03-25 22:13:49    --------    d-sh--w-    c:\windows\system32\Windows Server
.
==================== Find3M  ====================
.
2014-04-02 19:01:53    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2006-05-03 19:06:54    163328    --sha-r-    c:\windows\system32\flvDX.dll
2007-02-21 20:47:16    31232    --sha-r-    c:\windows\system32\msfDX.dll
2008-03-16 22:30:52    216064    --sha-r-    c:\windows\system32\nbDX.dll
2010-01-07 07:00:00    107520    --sha-r-    c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH:  6:25:09.45 ===============
 


Edited by hamluis, 10 April 2014 - 09:08 AM.
Per request by MRT member - Hamluis.



 


#2 Starbuck


Posted 11 April 2014 - 07:55 PM

Hi chili2

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
Thanks



#3 chili2


Posted 15 April 2014 - 11:22 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by osigns (administrator) on OSIGNS-PC on 15-04-2014 09:17:17
Running from E:\downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Dropbox, Inc.) C:\Users\osigns\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Microsoft Corporation) C:\Windows\system32\ntvdm.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-886736290-3059065398-264461506-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-886736290-3059065398-264461506-1000\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-24] (Microsoft Corporation) <==== ATTENTION
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
Startup: C:\Users\osigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\osigns\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\osigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_59028758.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x614465F7DDD9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {DE6C0882-559A-4674-859D-A9CCF283E597} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321733&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP924631F0-EF16-4CB5-BB51-4E188890D7B1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {DE6C0882-559A-4674-859D-A9CCF283E597} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware2\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65

FireFox:
========
FF ProfilePath: C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428
FF user.js: detected! => C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\user.js
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\searchplugins\yahoo_ff.xml
FF Extension: DownloadHelper - C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: NoScript - C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-31]
FF Extension: DownThemAll! - C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-02]

========================== Services (Whitelisted) =================

S4 MediaMall Server; C:\Program Files\MediaMall\MediaMallServer.exe [4411248 2011-08-01] (MediaMall Technologies, Inc.)
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
S4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S2 def8540c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\wincle~1\WincleanperformapSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [124504 2013-05-19] (SlySoft, Inc.)
R2 Aspi32; C:\Windows\system32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-13] (Microsoft Corporation)
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [23920 2010-04-29] (MediaMall Technologies, Inc.)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-12] (Windows ® Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2012-01-12] (Windows ® Win 7 DDK provider)
S2 Par1284; C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\Par1284.sys [53344 2006-10-16] (Warp Nine Engineering)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2012-01-18] ()
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware2\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware2\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 WinFLdrv; C:\Windows\System32\WinFLdrv.sys [17984 2011-07-18] ()
R4 WinVd32; C:\Windows\system32\WinVd32.sys [180224 2011-07-18] ()
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Combo\catchme.sys [X]
U4 FDCENT;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 09:17 - 2014-04-15 09:17 - 00000000 ____D () C:\FRST
2014-04-14 11:52 - 2014-04-14 11:52 - 00000000 _____ () C:\Photoshop Temp13892241604
2014-04-14 06:06 - 2014-04-15 08:16 - 407257088 _____ () C:\Photoshop Temp907412244
2014-04-14 06:06 - 2014-04-14 06:06 - 00000000 _____ () C:\2244_1465379_MVM_1.tmp
2014-04-14 06:06 - 2014-04-14 06:06 - 00000000 _____ () C:\2244_1465379_MVM_0.tmp
2014-04-10 06:44 - 2014-04-10 06:44 - 00001356 _____ () C:\FixitRegBackup.reg
2014-04-10 06:42 - 2014-04-10 06:43 - 268261558 _____ () C:\Users\osigns\Desktop\regbackup.reg
2014-04-10 06:25 - 2014-04-10 06:25 - 00014161 _____ () C:\Users\osigns\Desktop\dds.txt
2014-04-09 10:36 - 2014-04-09 10:36 - 00001045 _____ () C:\Users\osigns\Desktop\Dropbox.lnk
2014-04-09 10:35 - 2014-04-09 10:36 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\DropboxMaster
2014-04-09 10:34 - 2014-04-09 10:34 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-03 07:13 - 2014-04-03 07:13 - 00144480 _____ () C:\Windows\Minidump\040314-72790-01.dmp
2014-04-03 07:10 - 2014-04-03 07:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-04-03 06:13 - 2013-12-21 00:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-03 06:07 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-03 06:07 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-02 14:55 - 2014-04-02 14:55 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-04-02 14:45 - 2012-02-29 22:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-04-02 14:45 - 2012-02-29 22:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-04-02 14:32 - 2014-04-02 14:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 14:24 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 12:03 - 2014-04-02 12:03 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 12:03 - 2014-04-02 12:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 12:03 - 2014-04-02 12:03 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 12:03 - 2014-04-02 12:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 12:03 - 2014-04-02 12:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 12:02 - 2014-04-02 12:02 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-02 12:01 - 2014-04-02 12:01 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-02 11:57 - 2014-04-02 12:05 - 00011129 _____ () C:\Windows\IE10_main.log
2014-04-02 11:57 - 2014-04-02 11:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-02 08:54 - 2013-09-24 19:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-02 08:54 - 2013-09-24 19:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-02 08:54 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-02 08:54 - 2013-09-24 18:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-02 08:54 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-02 08:54 - 2013-09-24 18:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-02 08:54 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-02 08:54 - 2013-09-24 17:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-02 08:54 - 2013-09-24 17:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-02 08:54 - 2013-08-01 04:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-02 08:54 - 2013-07-04 05:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-02 08:54 - 2013-04-09 22:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-02 08:54 - 2012-04-27 20:17 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-02 08:53 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-02 08:53 - 2013-10-11 19:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-02 08:53 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-02 08:53 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-04-02 08:53 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-04-02 08:53 - 2012-10-31 21:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-04-02 08:53 - 2012-06-05 22:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-04-02 08:53 - 2011-11-19 07:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-04-02 08:52 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-02 08:52 - 2011-12-16 00:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-04-02 08:52 - 2011-11-16 22:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-04-02 08:51 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-02 08:51 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-02 08:51 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-02 08:51 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-02 08:51 - 2013-07-08 21:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-02 08:51 - 2013-03-18 21:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-04-02 08:51 - 2013-03-18 19:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-04-02 08:51 - 2013-02-14 21:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 08:51 - 2013-02-14 21:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-04-02 08:51 - 2013-02-14 20:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-02 08:51 - 2012-04-25 21:45 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-04-02 08:51 - 2012-04-25 21:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-04-02 08:51 - 2012-04-25 21:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-04-02 08:51 - 2012-02-16 22:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-02 08:51 - 2012-02-16 21:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-04-02 08:51 - 2011-10-25 21:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-04-02 08:51 - 2011-10-25 21:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-04-02 08:50 - 2014-02-06 18:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-02 08:50 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-02 08:50 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-02 08:50 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-02 08:50 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-02 08:50 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-02 08:50 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-02 08:50 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-02 08:50 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-02 08:50 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-02 08:50 - 2013-10-03 18:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-02 08:50 - 2013-10-03 18:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-02 08:50 - 2013-10-02 18:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-02 08:50 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-02 08:50 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-02 08:50 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-02 08:50 - 2013-07-12 03:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-02 08:50 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-02 08:50 - 2013-07-08 21:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-02 08:50 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-02 08:50 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-02 08:50 - 2013-07-05 22:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-02 08:50 - 2013-07-02 21:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-02 08:50 - 2013-07-02 20:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-02 08:50 - 2013-07-02 20:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-02 08:50 - 2013-06-05 21:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-02 08:50 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-02 08:50 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-02 08:50 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-02 08:50 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-02 08:50 - 2013-04-25 21:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-04-02 08:50 - 2013-04-12 06:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-02 08:50 - 2013-02-11 20:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-04-02 08:50 - 2013-01-02 22:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-02 08:50 - 2012-11-01 22:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-04-02 08:50 - 2012-09-25 15:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-04-02 08:50 - 2012-08-22 10:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-02 08:50 - 2012-08-10 16:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-04-02 08:50 - 2012-07-04 14:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-04-02 08:50 - 2012-07-04 14:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-04-02 08:50 - 2012-07-04 14:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-04-02 08:50 - 2012-05-13 21:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-04-02 08:50 - 2012-03-17 00:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-04-02 08:50 - 2011-10-14 22:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-04-02 08:48 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-02 08:48 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-02 08:48 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-02 08:48 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-02 08:48 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-02 08:48 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-02 08:48 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-02 08:48 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-02 08:48 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-02 08:48 - 2013-06-25 15:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-02 08:48 - 2012-11-28 15:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-04-02 08:48 - 2012-11-28 15:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-04-02 08:48 - 2012-11-28 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-04-02 08:47 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-02 08:47 - 2013-02-26 22:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-04-02 08:47 - 2013-02-26 21:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-02 08:47 - 2013-02-26 21:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-02 08:37 - 2013-11-26 18:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-02 08:37 - 2013-11-26 18:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-02 08:37 - 2013-11-26 18:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-02 08:37 - 2013-11-26 18:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-02 08:37 - 2013-11-26 18:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-02 08:37 - 2013-11-26 18:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-02 08:37 - 2013-11-26 18:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-02 08:37 - 2013-06-14 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-02 08:36 - 2013-08-01 18:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-02 08:36 - 2013-08-01 18:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-02 08:36 - 2013-08-01 18:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 17:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-02 08:36 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-02 08:36 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-02 07:49 - 2014-04-02 07:49 - 00001027 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 07:49 - 2014-04-02 07:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 07:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 13:15 - 2014-04-01 13:15 - 00000000 ____D () C:\Windows\Temp2961175A-BED3-C4DB-C416-26BF07C37CA4-Signatures
2014-04-01 11:02 - 2014-04-01 11:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2
2014-04-01 07:25 - 2014-04-01 07:25 - 00000228 ___SH () C:\Windows\9437349drv.spi
2014-04-01 07:20 - 2014-04-01 07:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-01 06:55 - 2014-04-01 07:05 - 00000000 ____D () C:\Users\osigns\Desktop\RK_Quarantine
2014-04-01 06:08 - 2014-04-01 06:19 - 00000000 ____D () C:\Combo
2014-03-31 06:33 - 2014-04-01 07:05 - 00002464 _____ () C:\Users\osigns\Desktop\Rkill.txt
2014-03-31 06:33 - 2014-04-01 07:04 - 00000000 ____D () C:\Users\osigns\Desktop\rkill
2014-03-31 06:26 - 2014-04-10 06:25 - 00015725 _____ () C:\Users\osigns\Desktop\attach.txt
2014-03-25 15:13 - 2014-04-01 10:59 - 00000000 __SHD () C:\Windows\system32\Windows Server
2014-03-20 13:55 - 2014-03-20 13:55 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

==================== One Month Modified Files and Folders =======

2014-04-15 09:18 - 2012-05-10 14:20 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\Dropbox
2014-04-15 09:17 - 2014-04-15 09:17 - 00000000 ____D () C:\FRST
2014-04-15 09:13 - 2012-08-01 06:04 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\BitTorrent
2014-04-15 08:56 - 2011-07-11 14:50 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\vlc
2014-04-15 08:16 - 2014-04-14 06:06 - 407257088 _____ () C:\Photoshop Temp907412244
2014-04-15 07:49 - 2011-07-10 11:09 - 00023427 _____ () C:\Windows\CASMATE.INI
2014-04-15 07:46 - 2011-07-10 11:09 - 00000000 ____D () C:\CASWIN
2014-04-15 06:45 - 2014-01-27 16:03 - 00000866 _____ () C:\Sys_LogWin.log
2014-04-15 06:38 - 2011-07-18 14:57 - 00000000 ____D () C:\Program Files\Folder Lock 6
2014-04-15 05:46 - 2011-07-10 10:17 - 01243927 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 12:27 - 2009-07-13 21:39 - 00215468 _____ () C:\Windows\setupact.log
2014-04-14 11:52 - 2014-04-14 11:52 - 00000000 _____ () C:\Photoshop Temp13892241604
2014-04-14 06:06 - 2014-04-14 06:06 - 00000000 _____ () C:\2244_1465379_MVM_1.tmp
2014-04-14 06:06 - 2014-04-14 06:06 - 00000000 _____ () C:\2244_1465379_MVM_0.tmp
2014-04-14 05:50 - 2009-07-13 21:34 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 05:50 - 2009-07-13 21:34 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 05:43 - 2012-05-14 12:43 - 08405015 _____ () C:\Windows\TempFile
2014-04-14 05:42 - 2011-07-10 14:39 - 00087056 _____ () C:\Windows\PFRO.log
2014-04-11 12:47 - 2011-07-10 10:18 - 00782838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 06:51 - 2011-07-19 12:47 - 00002169 _____ () C:\Windows\epplauncher.mif
2014-04-10 06:44 - 2014-04-10 06:44 - 00001356 _____ () C:\FixitRegBackup.reg
2014-04-10 06:43 - 2014-04-10 06:42 - 268261558 _____ () C:\Users\osigns\Desktop\regbackup.reg
2014-04-10 06:25 - 2014-04-10 06:25 - 00014161 _____ () C:\Users\osigns\Desktop\dds.txt
2014-04-10 06:25 - 2014-03-31 06:26 - 00015725 _____ () C:\Users\osigns\Desktop\attach.txt
2014-04-09 10:36 - 2014-04-09 10:36 - 00001045 _____ () C:\Users\osigns\Desktop\Dropbox.lnk
2014-04-09 10:36 - 2014-04-09 10:35 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\DropboxMaster
2014-04-09 10:34 - 2014-04-09 10:34 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-08 07:57 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Branding
2014-04-08 06:22 - 2009-07-13 21:33 - 07077008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-03 08:32 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-03 07:13 - 2014-04-03 07:13 - 00144480 _____ () C:\Windows\Minidump\040314-72790-01.dmp
2014-04-03 07:13 - 2011-07-12 10:54 - 403879135 _____ () C:\Windows\MEMORY.DMP
2014-04-03 07:13 - 2011-07-12 10:54 - 00000000 ____D () C:\Windows\Minidump
2014-04-03 07:10 - 2014-04-03 07:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-04-03 07:02 - 2011-07-10 14:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-03 06:13 - 2011-07-10 14:27 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-03 06:09 - 2009-07-13 19:04 - 00000496 _____ () C:\Windows\win.ini
2014-04-02 15:38 - 2011-07-26 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 15:37 - 2009-07-14 00:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-02 15:37 - 2009-07-13 21:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-02 15:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-02 14:55 - 2014-04-02 14:55 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-04-02 14:42 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 14:41 - 2011-07-10 14:29 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-04-02 14:36 - 2014-04-02 14:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-04-02 12:31 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-02 12:05 - 2014-04-02 11:57 - 00011129 _____ () C:\Windows\IE10_main.log
2014-04-02 12:03 - 2014-04-02 12:03 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 12:03 - 2014-04-02 12:03 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 12:03 - 2014-04-02 12:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 12:03 - 2014-04-02 12:03 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 12:03 - 2014-04-02 12:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 12:03 - 2014-04-02 12:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 12:03 - 2014-04-02 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 12:03 - 2014-04-02 12:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 12:02 - 2014-04-02 12:02 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-02 12:01 - 2014-04-02 12:01 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-02 12:01 - 2014-04-02 12:01 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-02 11:57 - 2014-04-02 11:57 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-02 08:02 - 2011-07-10 14:29 - 00000000 ____D () C:\Windows\PCHEALTH
2014-04-02 08:01 - 2013-12-27 15:30 - 00000000 ____D () C:\ProgramData\Winclean performap
2014-04-02 07:49 - 2014-04-02 07:49 - 00001027 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 07:49 - 2014-04-02 07:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 06:14 - 2012-08-01 06:05 - 00000000 ____D () C:\Program Files\BitTorrent
2014-04-02 06:02 - 2013-06-03 13:49 - 00000000 ____D () C:\ProgramData\contiNuetoSaVE
2014-04-01 13:15 - 2014-04-01 13:15 - 00000000 ____D () C:\Windows\Temp2961175A-BED3-C4DB-C416-26BF07C37CA4-Signatures
2014-04-01 13:15 - 2012-05-28 14:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-01 11:07 - 2013-04-16 14:39 - 00000000 ____D () C:\ProgramData\Browse2savee
2014-04-01 11:02 - 2014-04-01 11:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2
2014-04-01 10:59 - 2014-03-25 15:13 - 00000000 __SHD () C:\Windows\system32\Windows Server
2014-04-01 07:25 - 2014-04-01 07:25 - 00000228 ___SH () C:\Windows\9437349drv.spi
2014-04-01 07:20 - 2014-04-01 07:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-01 07:05 - 2014-04-01 06:55 - 00000000 ____D () C:\Users\osigns\Desktop\RK_Quarantine
2014-04-01 07:05 - 2014-03-31 06:33 - 00002464 _____ () C:\Users\osigns\Desktop\Rkill.txt
2014-04-01 07:04 - 2014-03-31 06:33 - 00000000 ____D () C:\Users\osigns\Desktop\rkill
2014-04-01 06:19 - 2014-04-01 06:08 - 00000000 ____D () C:\Combo
2014-04-01 06:15 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-01 06:13 - 2009-07-13 19:03 - 62914560 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-04-01 06:13 - 2009-07-13 19:03 - 23330816 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-04-01 06:13 - 2009-07-13 19:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-04-01 06:13 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-04-01 06:12 - 2011-07-21 18:03 - 00000000 ____D () C:\Windows\ERDNT
2014-03-31 07:52 - 2011-07-21 16:51 - 00000000 ____D () C:\Qoobox
2014-03-31 07:25 - 2011-07-21 18:03 - 00000000 ____D () C:\ComboFix
2014-03-31 05:20 - 2011-08-25 08:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 05:20 - 2011-08-25 08:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 14:51 - 2011-07-11 15:09 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\NewsLeecher
2014-03-24 08:12 - 2011-07-12 05:43 - 00000000 ____D () C:\!proofs
2014-03-24 06:10 - 2009-07-13 21:53 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-24 06:10 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 13:55 - 2014-03-20 13:55 - 00000000 ____D () C:\Users\osigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-17 06:09 - 2014-02-28 07:00 - 00000000 ____D () C:\ProgramData\DownSavee
2014-03-17 06:09 - 2014-01-30 15:26 - 00000000 ____D () C:\ProgramData\WatcihItAdBlocke
2014-03-17 06:09 - 2012-05-10 07:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Users\osigns\AppData\Roaming\PLGComp.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 00:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014
Ran by osigns at 2014-04-15 09:19:26
Running from E:\downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - )
"Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS5 (HKLM\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe InDesign CS5 (HKLM\...\{F9766AC1-1461-1033-B862-DF8FE1C033BE}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4 (HKLM\...\{CAEAD1E4-A15F-4249-A1B6-9D42080C7361}) (Version: 3.4.1 - Adobe)
Adobe Photoshop Lightroom 5 (HKLM\...\{D176CB09-1505-4D2B-838A-4483D7DF23FB}) (Version: 5.0.1 - Adobe)
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Management Tool (HKLM\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Alien Skin Eye Candy 5 Textures (HKLM\...\EyeCandy5Textures) (Version:  - )
AnyDVD (HKLM\...\AnyDVD) (Version: 7.2.1.0 - SlySoft)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Artisteer 3 (HKLM\...\Artisteer 3) (Version: 3.0 - Extensoft)
AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version: 6.3.2.234 - Online Media Technologies Ltd.)
BHS Cam Setup Tool (HKLM\...\{FCEE0D0B-FF8D-4552-A6C5-67ECE0F82EF9}) (Version: 1.0.11 - BrickHouse Security)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.0.30752 - BitTorrent Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
CDGRip 2.80.00 (HKLM\...\CDGRip_is1) (Version:  - Karaokeware Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
contiNuetoSaVE (HKLM\...\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}) (Version:  - continue to save) <==== ATTENTION
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 4.1.19.364 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.364 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}) (Version: 15.1.0.588 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.1.588 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.1.0.588 - Corel Corporation)
CrystalDiskInfo 4.6.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 4.6.2 - Crystal Dew World)
CyberLink PowerDirector 10 (HKLM\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.1012 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.1012 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink WaveEditor (Version: 1.0.1.3320 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp DSP Effects (HKLM\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 r2 - Illustrate)
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Debs Karaoke Renamer (HKLM\...\{41E3122F-3DA9-4870-9F22-C29A50B7C851}) (Version: 3.0 - Deborah L Redley)
Directory Security 1.1 (HKLM\...\Directory Security_is1) (Version:  - Sofonesia Ltd)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EPSON NX300 Series Printer Uninstall (HKLM\...\EPSON NX300 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
FastBidX Plugin (remove only) (HKLM\...\FastBidX Plugin) (Version:  - )
ffdshow v1.1.3940 [2011-07-14] (HKLM\...\ffdshow_is1) (Version: 1.1.3940.0 - )
File Renamer - Basic (HKLM\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
FixerBundle V2 (HKLM\...\{1BA4237C-4DED-44BF-8352-57AF4A3832EA}) (Version: 2.0.4 - FixerLabs)
FlacSquisher 1.2.1 (HKLM\...\FlacSquisher) (Version: 1.2.1 - FlacSquisher)
Flash Renamer 6.72 (HKLM\...\Flash Renamer_is1) (Version:  - RL Vision)
FlexiSIGN-PRO 7.5v5 (HKLM\...\FlexiSIGN-PRO 7.5v5) (Version:  - )
FlexiSIGN-PRO 7.6v2 (HKLM\...\FlexiSIGN-PRO 7.6v2) (Version:  - )
FlexiSIGN-PRO 8.1v1 (HKLM\...\{DCB4E3F8-BC4D-4643-932D-15EEDA67FFF6}) (Version: 1.00.0000 - Scanvec Amiable)
Folder Lock (HKCU\...\FolderLock6) (Version:  - New Sofware.net Inc.)
foobar2000 v1.1.8 beta 6 (HKLM\...\foobar2000) (Version: 1.1.8 beta 6 - Peter Pawlowski)
Free M4a to MP3 Converter 8.1 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Mp3G Book Maker (HKLM\...\mp3g Bookmaker_is1) (Version:  - Chip Staley)
Free&Easy Font Viewer 2.0 (HKLM\...\Free&Easy Font Viewer_is1) (Version:  - Alexander G Styopkin)
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64 - Corel Corporation) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Harmony Assistant (HKLM\...\Harmony Assistant) (Version: 9.6.2m - Myriad SARL)
High-Logic MainType 3.0 (HKLM\...\MainType3_is1) (Version:  - High-Logic B.V.)
IDRMyImage (HKLM\...\IDRMyImage) (Version: 2.0 - Filip Krolupper)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Karaoke DVD Burner (HKLM\...\{BA0D764E-4256-4408-979B-6B1AEFCAE985}_is1) (Version:  - Doblon)
KJ File Manager (HKLM\...\{ACC4E761-1E90-4444-93C7-29A58520106F}) (Version: 3.3.11 - Karaosoft)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
MakeMKV v1.8.5 (HKLM\...\MakeMKV) (Version: v1.8.5 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MasterSplitter Program (HKLM\...\MasterSplitter) (Version:  - )
Media Lab SiteGrinder 3 (HKLM\...\SiteGrinder3) (Version:  - )
Media Player Classic - Home Cinema v1.5.0.2827 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.0.2827 - MPC-HC Team)
MediaCoder 0.8.13 (HKLM\...\MediaCoder) (Version: 0.8.13 - Broad Intelligence)
MediaMonkey 4.0 (HKLM\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MiniTool Partition Wizard Home Edition 7.1 (HKLM\...\{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1) (Version:  - MiniTool Solution Ltd.)
MiPony 2.0.0 (HKLM\...\MiPony) (Version: 2.0.0 - )
MKVToolNix 5.9.0 (HKLM\...\MKVToolNix) (Version: 5.9.0 - Moritz Bunkus)
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mp3tag v2.50 (HKLM\...\Mp3tag) (Version: v2.50 - Florian Heidenreich)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{4e53b401-d36c-4bf4-8105-aa30a62b1caf}) (Version:  - Nero AG)
Nero BurningROM (Version: 9.0.0.0 - Nero AG) Hidden
Nero BurnRights (Version: 2.99.6.100 - Nero AG) Hidden
Nero ControlCenter (Version: 0.0.0.1 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 4.99.5.105 - Nero AG) Hidden
Nero DriveSpeed (Version: 3.99.5.105 - Nero AG) Hidden
Nero Express (Version: 9.0.0.0 - Nero AG) Hidden
Nero InfoTool (Version: 5.99.5.105 - Nero AG) Hidden
Nero Installer (Version: 2.0.0.1 - Nero AG) Hidden
Nero Rescue Agent (Version: 1.99.0.1 - Nero AG) Hidden
Nero RescueAgent Help (Version: 1.99.0.1 - Nero AG) Hidden
Nero StartSmart (Version: 9.0.10.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.0.0.0 - Nero AG) Hidden
NeroBurningROM (Version: 9.0.9.100 - Nero AG) Hidden
NeroExpress (Version: 9.0.9.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NewsLeecher v4.0 Final (HKLM\...\NewsLeecher_is1) (Version:  - )
PCDJ VJ (HKLM\...\PCDJ VJ) (Version:  - )
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Perfect Effects 4.0.1 (HKLM\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.1 - onOne Software)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pinger (HKCU\...\Pinger 1.1.0.9) (Version: 1.1.0.9 - Pinger Inc.)
Pinger (Version: 1.1.0.9 - Pinger Inc.) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Playlist Creator 3.6.2 (HKLM\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity)
PlayOn (HKLM\...\{7C20B2A0-4353-457B-8647-DC8063BF78E1}) (Version: 3.3.9 - MediaMall Technologies, Inc.)
Power CD+G to Video Karaoke Converter 2 (HKLM\...\{04FF3158-7664-453B-B1A9-8559CBCB6EC6}_is1) (Version:  - Doblon)
Power Retouche Retouching Suite (HKLM\...\Power Retouche Retouching Suite) (Version: 7.8.0 - Power Retouche)
Power Retouche RS Demo (HKLM\...\Power Retouche RS Demo) (Version: 7.8.0 - PowerRetouche)
Prism Video File Converter (HKLM\...\Prism) (Version: 2.01 - NCH Software)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.56.316.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Replay Media Catcher 4 (HKLM\...\{6F0703F3-0A49-4142-8EB8-1842AD809CCA}) (Version: 4.1.1 - Applian Technologies)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Sentinel System Driver (HKLM\...\Rainbow Sentinel Driver) (Version:  - )
Song List Generator (HKLM\...\{5CF93E61-2B99-4A76-8352-D9A9DD55C3F5}) (Version: 4.2.4 - Karaosoft)
Sony Noise Reduction Plug-In 2.0h (HKLM\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
Sound Forge Pro 10.0 (HKLM\...\{3F9170C9-A7C2-408F-A4D8-EC77250040BF}) (Version: 10.0.368 - Sony)
SoundTrax (Version: 4.0.18.0 - Nero AG) Hidden
StuffIt Expander 2011 (HKLM\...\{59E98F3F-48D6-42A9-8250-079671E02B2D}) (Version: 15.0.1.17 - Smith Micro Software, Inc.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52 (HKLM\...\{8F311E2E-C275-4CF0-8154-B63991832668}_is1) (Version: v2012.build.52 - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TEFView 2.71 (HKLM\...\TEFView_is1) (Version:  - TablEdit)
Tipard Total Media Converter Platinum 6.2.8 (HKLM\...\{0190B58D-213D-42d2-A50A-C1FBE81A7294}_is1) (Version:  - )
Topaz Adjust 4 (HKLM\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (Version: 4.1.0 - Topaz Labs) Hidden
Topaz Clean 3 (HKLM\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (Version: 3.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (Version: 5.0.1 - Topaz Labs) Hidden
Topaz Detail 2 (HKLM\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (Version: 2.0.5 - Topaz Labs) Hidden
Topaz Fusion Express 2 (HKLM\...\Topaz Fusion Express 2) (Version: 2.0.2 - Topaz Labs)
Topaz Fusion Express 2 (Version: 2.0.2 - Topaz Labs) Hidden
Topaz InFocus (HKLM\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (HKLM\...\Topaz Lens Effects) (Version: 1.0.0 - Topaz Labs)
Topaz Lens Effects (Version: 1.0.0 - Topaz Labs) Hidden
Topaz ReMask 3 (HKLM\...\Topaz ReMask 3) (Version: 3.1.0 - Topaz Labs)
Topaz ReMask 3 (Version: 3.1.0 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (Version: 3.0.2 - Topaz Labs) Hidden
Ultra File Opener (HKCU\...\Ultra File Opener) (Version: 2.3.3.43 - CompuClever Systems Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.14 - NCH Software)
virtualPhotographer 1.5.6 (HKLM\...\virtualPhotographer_is1) (Version:  - optikVerve Labs)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WhoCrashed 3.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winclean performap (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{def8540c}) (Version:  - Surfnet) <==== ATTENTION
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinWay Resume Deluxe (HKLM\...\{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}) (Version: 12.00.019 - WinWay Corporation)

==================== Restore Points  =========================

25-03-2014 13:24:11 Windows Update
31-03-2014 14:25:25 ComboFix created restore point
02-04-2014 15:54:53 Windows Update
02-04-2014 18:57:05 Windows Update
02-04-2014 21:26:20 Windows Update
03-04-2014 13:07:22 Windows Update
03-04-2014 13:58:23 Windows Update
10-04-2014 13:44:00 Installed Microsoft Fix it 50692

==================== Hosts content: ==========================

2009-07-13 19:04 - 2014-04-02 12:18 - 00001773 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {090BC8F3-80D6-4243-9D26-5E267EAD31A5} - \{BCD7B081-7338-422A-94D8-732FE8E14293} ATTENTION ====> No Task File
Task: {3037364A-C9C6-42D5-9D0B-97AD6164A1E4} - System32\Tasks\Express FilesUpdate => E:\\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {5ACFBC72-83BB-4566-8C77-4442E93C16E7} - System32\Tasks\{FB63CD23-C52C-4347-9B82-BF65E092AED2} => C:\CASWIN\CAS_WIN.EXE [2006-07-03] ()
Task: {66F76647-377C-43B2-9F40-118661D4F65E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-25] (Google Inc.)
Task: {6E368442-F2F2-4274-9116-08609E00E269} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-25] (Google Inc.)
Task: {AD6B2A6C-D62F-42BA-8ADB-1E88509BE770} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {B6C3F031-0650-4B02-948F-E04A185E1AAA} - \{CB515519-72F2-4539-9572-27E56EEA51FC} ATTENTION ====> No Task File
Task: {D783A11A-67A5-4649-9215-2FC67F1294F1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 10:01 - 2013-08-30 10:01 - 02601840 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll
2014-04-14 05:43 - 2014-04-14 05:43 - 00041984 _____ () E:\TMP FILES\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpejcr57.dll
2013-10-18 16:55 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\osigns\AppData\Roaming\Dropbox\bin\libcef.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-03 08:51 - 2014-03-03 08:51 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-03-13 13:42 - 2013-03-13 13:42 - 00071568 _____ () C:\Program Files\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2010-03-27 05:01 - 2010-03-27 05:01 - 00058816 _____ () C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\SPBasic.dll
2010-03-27 05:00 - 2010-03-27 05:00 - 00070592 _____ () C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Alcid.dll
2010-02-22 04:50 - 2010-02-22 04:50 - 00060416 _____ () C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99643207.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99643207.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MediaMall Server => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^osigns^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^osigns^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Audio HD Driver => C:\Users\osigns\AppData\Local\Temp\SystemDriver.exe
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: BitTorrent => "E:\downloads\bittorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: FontExpertType1Loader => C:\Program Files\FontExpert\Type1Loader.exe
MSCONFIG\startupreg: GroupManager => C:\Program Files\Hide Files and Folders\groupmanager.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\osigns\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Pinger => "C:\Program Files\Pinger\Pinger.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Windows Audio HDi Driver => "C:\Windows\system32\audiohd.exe"
MSCONFIG\startupreg: {7567DC3D-69A9-5CE5-B1C6-1C12D1F722B9} => C:\Users\osigns\AppData\Roaming\Vuerz\piycx.exe

==================== Faulty Device Manager Devices =============

Name: PlayOn Virtual Audio Device
Description: PlayOn Virtual Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaMall Technologies, Inc.
Service: msvad_simple
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 06:51:36 AM) (Source: Microsoft Security Client Setup) (User: osigns-PC)
Description: HRESULT:0x800700B7
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x800700B7. Cannot create a file when that file already exists.

Error: (04/08/2014 08:21:42 AM) (Source: Microsoft Security Client Setup) (User: osigns-PC)
Description: HRESULT:0x800700B7
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x800700B7. Cannot create a file when that file already exists.

Error: (04/08/2014 06:27:49 AM) (Source: Microsoft Security Client Setup) (User: osigns-PC)
Description: HRESULT:0x800700B7
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x800700B7. Cannot create a file when that file already exists.

Error: (04/07/2014 01:01:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc015000f
Fault offset: 0x00083fd3
Faulting process id: 0xd20
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/07/2014 01:01:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: btwapi.dll, version: 6.2.1.500, time stamp: 0x4aa16168
Exception code: 0xc0000005
Fault offset: 0x0004df41
Faulting process id: 0xd20
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/07/2014 01:01:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: btwapi.dll, version: 6.2.1.500, time stamp: 0x4aa16168
Exception code: 0xc0000005
Fault offset: 0x0004df41
Faulting process id: 0x578
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/07/2014 01:01:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: btwapi.dll, version: 6.2.1.500, time stamp: 0x4aa16168
Exception code: 0xc0000005
Fault offset: 0x0004df41
Faulting process id: 0x1ef8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/03/2014 07:10:00 AM) (Source: Microsoft Security Client Setup) (User: osigns-PC)
Description: HRESULT:0x800700B7
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x800700B7. Cannot create a file when that file already exists.

Error: (04/03/2014 06:52:47 AM) (Source: Microsoft Security Client Setup) (User: osigns-PC)
Description: HRESULT:0x800700B7
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x800700B7. Cannot create a file when that file already exists.

Error: (04/03/2014 06:03:39 AM) (Source: Microsoft Security Client Setup) (User: osigns-PC)
Description: HRESULT:0x800700B7
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x800700B7. Cannot create a file when that file already exists.


System errors:
=============
Error: (04/14/2014 05:43:35 AM) (Source: Service Control Manager) (User: )
Description: The Par1284 service failed to start due to the following error:
%%20

Error: (04/14/2014 05:43:35 AM) (Source: Par1284) (User: )
Description:

Error: (04/14/2014 05:43:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Winclean performap service to connect.

Error: (04/11/2014 04:04:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/08/2014 07:58:26 AM) (Source: Service Control Manager) (User: )
Description: The Par1284 service failed to start due to the following error:
%%20

Error: (04/08/2014 07:58:26 AM) (Source: Par1284) (User: )
Description:

Error: (04/08/2014 07:58:25 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Winclean performap service to connect.

Error: (04/08/2014 07:56:40 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/08/2014 06:30:00 AM) (Source: Service Control Manager) (User: )
Description: The Par1284 service failed to start due to the following error:
%%20

Error: (04/08/2014 06:30:00 AM) (Source: Par1284) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (08/26/2013 06:28:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 606 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (06/03/2013 06:58:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4951 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (05/27/2013 08:27:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 697 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (03/19/2013 09:51:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4155 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/04/2013 00:39:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 174748 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (01/02/2013 00:07:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 621972 seconds with 3960 seconds of active time.  This session ended with a crash.

Error: (09/24/2012 06:23:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 406 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/19/2012 09:48:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86941 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (08/01/2012 06:05:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 172546 seconds with 9060 seconds of active time.  This session ended with a crash.

Error: (12/27/2011 07:21:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 77 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 95%
Total physical RAM: 2814.49 MB
Available physical RAM: 120.04 MB
Total Pagefile: 5627.27 MB
Available Pagefile: 2014.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:76.43 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:270.45 GB) (Free:270.01 GB) NTFS
Drive e: (newsgroup data) (Fixed) (Total:465.76 GB) (Free:154.21 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.5 GB) (Free:73.2 GB) NTFS
Drive h: (MOVIES) (Fixed) (Total:148.52 GB) (Free:6.3 GB) NTFS
Drive i: (DRV4_VOL2) (Fixed) (Total:149.57 GB) (Free:4.35 GB) NTFS
Drive j: (PHOTOS & MUSIC) (Fixed) (Total:149.04 GB) (Free:114.84 GB) NTFS
Drive k: (old c drive) (Fixed) (Total:117.19 GB) (Free:42.87 GB) NTFS
Drive l: (shop files) (Fixed) (Total:348.57 GB) (Free:194.55 GB) NTFS
Drive n: (New Volume) (Fixed) (Total:931.51 GB) (Free:439.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 11908734)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 66C066C0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A081A081)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: AC55155D)

Partition: GPT Partition Type.

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A85D9DD0)

Partition: GPT Partition Type.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: C2B6FC53)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 Starbuck

  • Malware Response Team
Posted 15 April 2014 - 02:41 PM

Hi chili2

Looks like we have some work to do here.

I still cannot reinstall Microsoft Security Essentials or load Windows Defender.

Run the steps in order, as we need to clean up a lot before sorting the MSSE problem.

I have to change the standard replies because the programs are not being downloaded to the requested location.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please uninstall the following programs:
contiNuetoSaVE
Winclean performap



Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to E:\downloads.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log in E:\downloads (Fixlog.txt). Please post this in your next reply.



Step 3
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 4
MSSE is not showing in the add/remove ..... but there are files etc showing in the report.
We need to clear out the old files/folders before we can install a fresh copy.

Please go to this link:
http://support.microsoft.com/kb/2483120

Scroll down about half way and under the Fix it for me section, click on the Microsoft Fixit icon.
Follow any prompts to run the program.

When the program has finished, try installing MSSE again from this link:
http://www.microsoft.com/en-us/download/details.aspx?id=5201


In your next reply, please submit:
Fixlog.txt
JRT.txt
AdwCleaner report

and let me know how the reinstall of MSSE went.

Thanks.

Attached Files




#5 chili2


Posted 15 April 2014 - 05:42 PM

Thank you for your time. I will do as you say.

 

I have bittorrent but I only use it to download one show a week for my wife. As soon as it is downloaded, I immediately close the program (end it in task manager), so I only share what is visible (not much) for about 3 minutes a week.


Edited by chili2, 15 April 2014 - 05:43 PM.


#6 chili2


Posted 16 April 2014 - 02:39 PM

Followed your steps. The Microsoft fix it program got 1/3 through and stalled (left it running for 2 hours). After that I still could not install security essentials.

 

Attached are the JRT and Fixlogs.

 

# AdwCleaner v3.023 - Report created 16/04/2014 at 09:17:02
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : osigns - OSIGNS-PC
# Running from : C:\Users\osigns\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\Program Files\Show-Password
Folder Deleted : C:\Program Files\Web Protect
Folder Deleted : C:\Users\osigns\AppData\Local\eSupport.com
Folder Deleted : C:\Users\osigns\AppData\Local\PackageAware
Folder Deleted : C:\Users\osigns\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\osigns\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\osigns\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{def8540c}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\1bdd1hdx.default\prefs.js ]


[ File : C:\Users\osigns\AppData\Roaming\Mozilla\Firefox\Profiles\8adaulom.default-1340914065428\prefs.js ]

Line Deleted : user_pref("CT2790392.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2790392.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2790392\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BitTorrentBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BitTorrentBar\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2790392_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374011013549,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

*************************

AdwCleaner[R0].txt - [6277 octets] - [16/04/2014 09:06:59]
AdwCleaner[S0].txt - [6336 octets] - [16/04/2014 09:17:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6396 octets] ##########
 

Attached Files


Edited by chili2, 16 April 2014 - 02:40 PM.
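
A cleanup report like the one posted above is easier to review when it is summarised per section. The sketch below is an added example, not part of the thread or of AdwCleaner: it parses the report layout shown in the post and lists every entry that is not marked Deleted. The sample report is constructed, and the "Found" verb in it is an assumed value used only to exercise the follow-up path.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above; all paths and names are made up.
SAMPLE_REPORT = r"""# AdwCleaner v3.023 - Report created 16/04/2014 at 09:17:02
# Option : Clean

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ExampleBar
Folder Deleted : C:\Users\user\AppData\Roaming\ExampleDownloader

***** [ Registry ] *****
Key Deleted : HKCU\Software\ExampleBar
Key Deleted : HKLM\Software\ExampleBar

***** [ Browsers ] *****
[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\prefs.js ]

Line Deleted : user_pref("CT0000000.isToolbarShrinked", "false");
Line Found : user_pref("CT0000000.leftover", "true");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")    # ***** [ Registry ] *****
FILE_RE = re.compile(r"^\[ File : (.+) \]$")             # [ File : ...\prefs.js ]
ACTION_RE = re.compile(r"^([A-Za-z]+) ([A-Za-z]+) : (.+)$")  # Key Deleted : HKLM\...


def parse_report(text):
    """Return (header, entries) for a report in the layout shown above."""
    header, entries = {}, []
    section = context = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # Header lines look like "# Option : Clean"; the title and EOF lines have no " : ".
            key, sep, value = line.lstrip("# ").partition(" : ")
            if sep:
                header[key.strip()] = value.strip()
        elif (m := SECTION_RE.match(line)):
            section, context = m.group(1), None
        elif (m := FILE_RE.match(line)):
            context = m.group(1)  # later "Line ..." entries belong to this file
        elif section and (m := ACTION_RE.match(line)):
            kind, verb, target = m.groups()
            entries.append({"section": section, "context": context,
                            "kind": kind, "verb": verb, "target": target})
    return header, entries


def summarize(entries):
    """Count entries per (section, kind, verb) and collect those not marked Deleted."""
    counts = Counter((e["section"], e["kind"], e["verb"]) for e in entries)
    pending = [e for e in entries if e["verb"] != "Deleted"]
    return counts, pending


if __name__ == "__main__":
    header, entries = parse_report(SAMPLE_REPORT)
    counts, pending = summarize(entries)
    print("Run mode:", header.get("Option"))
    for (section, kind, verb), n in sorted(counts.items()):
        print(f"{section}: {n} x {kind} {verb}")
    for e in pending:
        print("Needs follow-up:", e["target"], "in", e["context"])
```
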


#7 Starbuck


Posted 16 April 2014 - 02:54 PM

Hi chili2
 

The Microsoft fix it program got 1/3 through and stalled (left it running for 2 hours). After that I still could not install security essentials.

Ok, we'll sort something out in a minute.

Step 1
Please remove any copy of Combofix that may be on your system.
Just right click the icon and select delete.
Now:
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.

Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



    Step 2
    As MSSE won't install just yet, let's get you another AV program so that you have some cover.

    Please choose one of the 'free' AVs below and see if it will download and install.

    Bitdefender Free
    Avira AntiVir

    Let it run a scan of the system when installed.
    Let me know if anything is found.

    In your next reply, please submit:
    Combofix.txt

    and let me know how it went with one of the AVs.

    Thanks.



Edited by Starbuck, 16 April 2014 - 02:55 PM.



#8 chili2


Posted 18 April 2014 - 09:03 AM

Here's ComboFix. Avira found nothing.

Attached Files



#9 Starbuck


Posted 18 April 2014 - 11:44 AM

Avira found nothing.

So Avira installed and ran OK?


Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE 8" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Java 6 Update 21
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Step 3
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

eset.png


In your next reply, please submit:
Eset scan report if anything is found.
Also give me an update on the system and let me know of any problems.


Thanks.



#10 chili2


Posted 22 April 2014 - 07:37 AM

Did all 3. Ran ESET overnight, came in the morning and the PC had rebooted. I guess it found nothing.

 

I uninstalled Avira. After having it on my PC for a week I remembered why I like security essentials so much. I can't seem to control anything with Avira and when it pops up, it slows everything down.

 

So thank you very much for your work. I am amazed at how much effort you all put into helping folks on this website. I have no viruses or malware now so I am thrilled, but sadly security essentials still will not load. I will keep at it though. I may end up reformatting and reloading windows 7.



#11 Starbuck


Posted 22 April 2014 - 12:06 PM

Hi chili2,

Ran ESET overnight, came in the morning and the PC had rebooted. I guess it found nothing.

Just take a look and see if there's a report located here:
C:\Program Files\ESET\ESET Online Scanner\log.txt

uninstalled Avira. After having it on my PC for a week I remembered why I like security essentials so much. I can't seem to control anything with Avira and when it pops up, it slows everything down.

I run Bitdefender free on a couple of my systems and have never had a problem with it slowing the system down.... might be worth a try.

I have no viruses or malware now so I am thrilled, but sadly security essentials still will not load

Ok, let's have a quick look at it from a different angle then:

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
Press "Scan".
When finished, it will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log in your next reply.

Thanks





