Do not know name of infection



#1 James Boulton


Posted 24 April 2014 - 03:09 PM

First sign of infection was the removal of the Windows 7 sign-in page, replacing it with a replica that allows access to desktops except for administration. The replica sign-in page reverts to the desktop last used, but one may go to other and type in name and password and the desktop will open. There is a period of time that this works, but as time goes on more and more problems appear until the computer cannot be used. The third time this happened I took my computer in to a professional firm to remove the virus. They told me that it was Cryptolock, but I am sure, after reading the info on this virus, that it wasn't. It may have been Rbot. I have had six infections of this virus in as many months. In the past, except for the one time that I brought the computer in to have it cleaned, I have reformatted and reinstalled programs, only to have the virus reappear a few weeks later. If left unchecked it gradually makes the computer totally unstable.
Do not know how to remove it.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Forest at 14:30:21 on 2014-04-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8139.5988 [GMT -5:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
E:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
E:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
E:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
E:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
E:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
E:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
E:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventEventSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\CoIEPlg.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [CPMonitor] "E:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "E:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EaseUs Watch] "E:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "E:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRunOnce: [SMRequiresRestart] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{DF763ACA-20B0-4706-9AB7-00A8EF94A25E} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 a320raid;Adaptec SCSI Raid device Driver;C:\Windows\System32\drivers\a320raid.sys [2012-6-29 304760]
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2014-3-12 61000]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2014-3-12 48200]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-25 19264]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-2-26 55856]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2014-2-26 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2014-2-26 19952]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-2-25 30752]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2014-3-12 18504]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2014-3-12 189000]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2014-2-26 27632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2014-2-25 260816]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-2-26 2211000]
R2 CryptoPreventEventSvc;CryptoPrevent Event Service;C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventEventSvc.exe [2014-3-3 322920]
R2 EaseUS Agent;EaseUS Agent Service;E:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2014-3-16 36936]
R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [2012-11-23 133496]
R2 Guard Agent;Guard Agent Service;E:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2014-3-16 23624]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-25 127752]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-3-2 93144]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-3-2 1876816]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-2-25 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-2-25 1168960]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-2-25 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-17 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-17 857912]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2014-2-25 123320]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-4 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-4 20541216]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-2-25 82160]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2013-9-6 3937472]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-6-19 88928]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2013-9-6 176016]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-10 411936]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-25 365376]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-25 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-25 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-26 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-17 63192]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-7 40392]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-25 726160]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2014-2-25 120608]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-12-12 88864]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-8-14 34544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2014-2-25 138248]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2014-2-25 126392]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-2-25 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2014-2-25 31264]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-16 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-17 119512]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-26 19456]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2014-2-25 120608]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2014-2-25 63184]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-26 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-26 1255736]
S4 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
.
=============== File Associations ===============
.
ShellExec: FF30.exe: Open=E:\Program Files (x86)\Reallusion\FaceFilter3\FFApp.exe "%1"
.
=============== Created Last 30 ================
.
2014-04-22 22:38:23 -------- d-----w- C:\Windows\System32\catroot2
2014-04-20 20:02:30 -------- d-----w- C:\Program Files (x86)\ESET
2014-04-20 02:40:03 -------- d-----w- C:\Windows\ERUNT
2014-04-18 03:31:28 -------- d-----w- C:\AdwCleaner
2014-04-18 03:31:28 -------- d-----w- \AdwCleaner
2014-04-18 02:28:38 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-18 02:28:29 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-18 02:28:29 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-18 02:28:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 14:15:09 -------- d-sh--w- C:\Users\Forest\AppData\Local\EmieUserList
2014-04-17 14:15:09 -------- d-sh--w- C:\Users\Forest\AppData\Local\EmieSiteList
2014-04-14 02:23:43 130 --sha-r- C:\Windows\FF3STET.BIN
2014-04-14 02:23:40 -------- d-----w- C:\ProgramData\Reallusion
2014-04-14 02:23:40 -------- d-----w- C:\Program Files (x86)\Common Files\Reallusion
2014-04-14 02:07:53 -------- d-----w- C:\Program Files\Common Files\Protexis
2014-04-07 21:35:51 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-04-07 21:35:51 33568 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-04-03 18:28:50 -------- d-----w- C:\Users\Forest\AppData\Local\ElevatedDiagnostics
2014-03-30 18:11:25 -------- d-----w- C:\Program Files (x86)\Calibre2
.
==================== Find3M ====================
.
2014-04-11 15:13:15 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-11 15:13:15 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-10 22:02:29 93144 ----a-w- C:\Windows\System32\drivers\hmpalert.sys
2014-04-10 22:02:29 548424 ----a-w- C:\Windows\System32\hmpalert.dll
2014-04-10 22:02:29 477008 ----a-w- C:\Windows\SysWow64\hmpalert.dll
2014-04-03 14:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-02 13:27:17 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-02 13:27:05 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-03-30 17:43:15 488960 --sha-w- C:\EUMONBMP.SYS
2014-03-30 17:43:15 488960 --sha-w- \EUMONBMP.SYS
2014-03-26 15:23:27 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2014-03-21 19:43:50 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-12 04:26:04 5128584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 18:30:03 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-26 18:43:25 9728 ----a-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-26 00:50:43 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2014-02-25 23:19:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-02-25 23:19:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-02-08 18:34:51 1885472 ----a-w- C:\Windows\System32\nvdispco6433489.dll
2014-02-08 18:34:51 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433489.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2011-08-24 01:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-24 01:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-24 01:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-24 01:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-24 01:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
.
============= FINISH: 14:30:41.94 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 2/25/2014 5:01:46 PM
System Uptime: 4/24/2014 12:56:23 PM (2 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V LX
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 56.778 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 68 GiB total, 61.924 GiB free.
F: is FIXED (NTFS) - 697 GiB total, 290.591 GiB free.
G: is FIXED (NTFS) - 234 GiB total, 230.046 GiB free.
I: is FIXED (NTFS) - 68 GiB total, 68.275 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Real Time Storage Protection (PEL) x64
Device ID: ROOT\LEGACY_SRTSPX\0000
Manufacturer:
Name: Symantec Real Time Storage Protection (PEL) x64
PNP Device ID: ROOT\LEGACY_SRTSPX\0000
Service: SRTSPX
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Norton Internet Security Settings Manager
Device ID: ROOT\LEGACY_CCSET_NIS\0000
Manufacturer:
Name: Norton Internet Security Settings Manager
PNP Device ID: ROOT\LEGACY_CCSET_NIS\0000
Service: ccSet_NIS
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: IDSVia64
Device ID: ROOT\LEGACY_IDSVIA64\0000
Manufacturer:
Name: IDSVia64
PNP Device ID: ROOT\LEGACY_IDSVIA64\0000
Service: IDSVia64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Iron Driver
Device ID: ROOT\LEGACY_SYMIRON\0000
Manufacturer:
Name: Symantec Iron Driver
PNP Device ID: ROOT\LEGACY_SYMIRON\0000
Service: SymIRON
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Network Security WFP Driver
Device ID: ROOT\LEGACY_SYMNETS\0000
Manufacturer:
Name: Symantec Network Security WFP Driver
PNP Device ID: ROOT\LEGACY_SYMNETS\0000
Service: SymNetS
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Malwarebytes Anti-Exploit
Device ID: ROOT\LEGACY_ESPROTECTIONDRIVER\0000
Manufacturer:
Name: Malwarebytes Anti-Exploit
PNP Device ID: ROOT\LEGACY_ESPROTECTIONDRIVER\0000
Service: ESProtectionDriver
.
==== System Restore Points ===================
.
RP45: 4/20/2014 11:06:30 PM - Scheduled Checkpoint
RP46: 4/21/2014 10:51:37 AM - Tweaking.com - Windows Repair
RP47: 4/21/2014 10:52:17 AM - Tweaking.com - Windows Repair
RP48: 4/21/2014 11:35:47 AM - Tweaking.com - Windows Repair
RP49: 4/22/2014 5:23:46 PM - Tweaking.com - Windows Repair
RP50: 4/23/2014 7:22:07 PM - Windows Backup
RP51: 4/24/2014 8:36:09 AM - Windows Backup
.
==== Installed Programs ======================
.
ACDSee 32
Adobe Flash Player 13 ActiveX
Adobe Photoshop 7.0
Adobe Reader XI (11.0.06)
AMD Catalyst Install Manager
Apple Application Support
Apple Software Update
ASUS Product Register Program
Athentech Perfectly Clear
Canon Utilities Digital Photo Professional 1.5
Corel KPT Collection
Corel Painter Essentials 4
Corel PaintShop Photo Pro X3
Corel PaintShop Pro X6
Creative Content
CryptoPrevent v4.3.0
DirectX 9 Runtime
Driver Support
DriverTuner 3.1.0.1
DVDFab 9.1.3.6 (20/03/2014)
EaseUS Todo Backup Workstation 6.5
EPSON Scan
ESET Online Scanner v3
EVGA Precision X 4.0.0
FaceFilter v3.02 Standard
Google Update Helper
HitmanPro 3.7
HitmanPro.Alert
ICA
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iolo technologies' System Mechanic Professional
IPM_PSP_CL
IPM_PSP_COM
IPM_PSP_COM64
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4.5.1
Microsoft Corporation
Microsoft LifeCam
Microsoft Mouse and Keyboard Center
Microsoft Office Home and Student 2013 - en-us
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA 3D Vision Controller Driver 335.21
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 2.0
NVIDIA Graphics Driver 335.23
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 12.4.55
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 12.4.55
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.22
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PSPPContent
PSPPHelp
PSPPRO_DCRAW
PSPPro64
QuickTime 7
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Roxio BackOnTrack
Roxio BackOnTrackPE
Roxio Burn - Secure
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2011 Content
Roxio Creator 2011 Pro
Roxio PhotoShow
Roxio Video Capture USB
Secunia PSI (3.0.0.9016)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Setup
SHIELD Streaming
SilverFast Epson-SE
Skype Click to Call
Skype™ 6.14
SmartSound Common Data
SmartSound Quicktracks 5
SUPERAntiSpyware
Tweaking.com - Simple System Tweaker
Tweaking.com - Windows Repair (All in One)
Ultimate Creative Collection (X6)
VD64Inst
VIPRE Internet Security
Windows Driver Package - Synaptics (SmbDrv) System (08/13/2013 17.0.9.1)
WinRAR 5.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/24/2014 8:34:26 AM, Error: Disk [11] - The driver detected a controller error on \...\DR4.
4/24/2014 11:44:41 AM, Error: Service Control Manager [7031] - The CryptoPrevent Event Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/24/2014 11:44:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS ESProtectionDriver IDSVia64 SRTSPX SymDS SymEFA SymIRON SymNetS
4/24/2014 11:44:04 AM, Error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error %%-1.
4/24/2014 11:44:04 AM, Error: Service Control Manager [7024] - The Common Client Job Manager Service service terminated with service-specific error %%-1.
4/24/2014 11:41:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
4/24/2014 11:33:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.
4/24/2014 11:33:46 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2014 11:32:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
4/24/2014 11:32:41 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2014 5:57:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
4/22/2014 5:56:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
4/22/2014 4:53:06 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/22/2014 4:53:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/21/2014 7:46:17 AM, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/20/2014 9:37:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
4/20/2014 9:37:45 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/20/2014 7:02:41 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

Attached Files

  • Attached File  dds.txt   25.26KB   4 downloads

Edited by Oh My, 02 May 2014 - 08:59 AM.
Posted logs




#2 James Boulton


Posted 24 April 2014 - 03:34 PM

Despite the clear instructions I attached the wrong file. I have attached the requested one below.

Attached Files



#3 HelpBot


Posted 29 April 2014 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/532185 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Oh My!


Posted 02 May 2014 - 09:02 AM

Greetings James and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Can you tell me if you have backed up files before reformatting and then reinserted those files into the clean computer?

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Edited by Oh My, 02 May 2014 - 09:02 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 James Boulton


Posted 03 May 2014 - 08:09 PM

Hi Gary, I really appreciate your assistance. You can call me Jamie. Yes I had backed up the files before reformatting, which I assume means that my back ups are also infected. I have information, both in data and photos that is important for me and really can't afford to lose it.

This is the first notepad text:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by James (ATTENTION: The logged in user is not administrator) on FOREST-PC on 03-05-2014 19:34:12
Running from C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JKK5ZVZ
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(iolo technologies, LLC) E:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Corel, Inc.) C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
() E:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
() E:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-06] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CPMonitor] => E:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe [84464 2010-07-14] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => E:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [477680 2010-06-30] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Runonce: [TodoBackupUninst] - [X]
HKLM-x32\...\Runonce: [SMRequiresRestart] - [X]
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-4210734878-2195994750-937695093-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4210734878-2195994750-937695093-1003\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4746584 2014-03-21] (PC Drivers Headquarters)
HKU\S-1-5-21-4210734878-2195994750-937695093-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4210734878-2195994750-937695093-1003\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [522752 2011-09-07] (Corel, Inc.)
HKU\S-1-5-21-4210734878-2195994750-937695093-1003\...\MountPoints2: {00fe8312-9e70-11e3-8a46-806e6f6e6963} - F:\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x189084B3A932CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - D5F9096A13BA4CD792D7F23A9213B358 URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80399&iwk=259&lng=en
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={60339477-B67E-496B-9987-281CA22F7A68}&mid=352610dbdf2f47d08ec3d151b5a26ecb-bfab142cf754ef5171df781f154c7c181d7f8ecf&lang=en&ds=od011&pr=sa&d=2012-08-18 04:13:23&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Toolbar: HKCU - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 CryptoPreventEventSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventEventSvc.exe [322920 2013-11-23] (Foolish IT, LLC)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-29] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [138248 2011-11-29] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [123320 2011-11-07] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-06] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-06] (ThreatTrack Security, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

R0 a320raid; C:\Windows\System32\DRIVERS\a320raid.sys [304760 2012-06-29] (Adaptec, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-19] (ThreatTrack Security, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [X]
S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1305000.091\ccSetx64.sys [X]
S1 ESProtectionDriver; \??\E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSVia64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS [X]
S3 SRTSP; \SystemRoot\system32\drivers\NISx64\1305000.091\SRTSP64.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [X]
S0 SymDS; system32\drivers\NISx64\1305000.091\SYMDS64.SYS [X]
S0 SymEFA; system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [X]
S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1305000.091\Ironx64.SYS [X]
S1 SymNetS; \SystemRoot\system32\drivers\NISx64\1305000.091\SYMNETS.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 19:33 - 2014-05-03 19:34 - 00000000 ____D () C:\FRST
2014-04-30 20:32 - 2014-04-30 20:32 - 00550371 _____ () C:\Users\James\Downloads\Autoruns.zip
2014-04-28 10:10 - 2014-04-28 10:10 - 00000000 ____D () C:\Users\Marion\AppData\Local\Apple
2014-04-24 14:37 - 2014-04-24 14:37 - 00012126 _____ () C:\Users\Forest\Documents\Attach.txt
2014-04-24 14:36 - 2014-04-24 14:36 - 00025871 _____ () C:\Users\Forest\Documents\DDS.txt
2014-04-24 14:30 - 2014-04-24 15:02 - 00025871 _____ () C:\Users\Forest\Desktop\dds.txt
2014-04-24 14:30 - 2014-04-24 14:30 - 00012126 _____ () C:\Users\Forest\Desktop\attach.txt
2014-04-24 14:29 - 2014-04-24 14:29 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-04-21 11:57 - 2014-04-21 12:00 - 00000000 ____D () C:\Users\James\Desktop\Tools
2014-04-21 11:24 - 2014-04-21 11:24 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-20 21:27 - 2014-04-20 21:27 - 00000000 ____D () C:\Users\James\Downloads\tweaking.com_windows_repair_aio
2014-04-20 21:25 - 2014-04-20 21:26 - 03434761 _____ () C:\Users\James\Downloads\tweaking.com_windows_repair_aio.zip
2014-04-20 15:02 - 2014-04-20 15:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-19 23:01 - 2014-04-19 23:01 - 00001357 _____ () C:\Users\Forest\Desktop\JRT.txt
2014-04-19 21:54 - 2014-04-19 21:54 - 00001357 _____ () C:\Users\Forest\Documents\JRT.txt
2014-04-19 21:40 - 2014-04-19 21:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-19 21:38 - 2014-04-19 21:38 - 01016261 _____ (Thisisu) C:\Users\James\Downloads\JRT (1).exe
2014-04-18 21:33 - 2014-04-18 21:33 - 00001782 _____ () C:\sc-cleaner.txt
2014-04-18 21:18 - 2014-04-18 21:18 - 00000017 _____ () C:\Users\James\AppData\Local\resmon.resmoncfg
2014-04-18 21:03 - 2014-04-18 21:03 - 00628779 _____ () C:\Users\James\Downloads\GrantPerms64.zip
2014-04-17 22:31 - 2014-04-19 22:45 - 00000000 ____D () C:\AdwCleaner
2014-04-17 21:28 - 2014-04-19 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-17 21:28 - 2014-04-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 21:28 - 2014-04-17 21:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 21:28 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 21:28 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 15:36 - 2014-04-17 15:36 - 00000000 __SHD () C:\Users\Marion\AppData\Local\EmieUserList
2014-04-17 15:36 - 2014-04-17 15:36 - 00000000 __SHD () C:\Users\Marion\AppData\Local\EmieSiteList
2014-04-17 09:15 - 2014-04-17 09:15 - 00000000 __SHD () C:\Users\Forest\AppData\Local\EmieUserList
2014-04-17 09:15 - 2014-04-17 09:15 - 00000000 __SHD () C:\Users\Forest\AppData\Local\EmieSiteList
2014-04-17 08:14 - 2014-04-17 08:14 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-04-17 08:14 - 2014-04-17 08:14 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-04-16 23:00 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 23:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 23:00 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 23:00 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 23:00 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 23:00 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 23:00 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 23:00 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 23:00 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 23:00 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 23:00 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 23:00 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 23:00 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 23:00 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 23:00 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 23:00 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 23:00 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 23:00 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 23:00 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 23:00 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 23:00 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 23:00 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 23:00 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 23:00 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 23:00 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 23:00 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 23:00 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 23:00 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 23:00 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 23:00 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 23:00 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 23:00 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 23:00 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 23:00 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 23:00 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 23:00 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 23:00 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 23:00 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 23:00 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 23:00 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 23:00 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 23:00 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 23:00 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 23:00 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 23:00 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 23:00 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 23:00 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 23:00 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 18:16 - 2014-04-14 18:16 - 00000000 ____D () C:\Users\James\Documents\Corel PaintShop Pro
2014-04-14 16:30 - 2014-04-14 16:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Ulead Systems
2014-04-14 16:30 - 2014-04-14 16:30 - 00000000 ____D () C:\Users\James\AppData\Local\Corel PaintShop Pro
2014-04-13 21:23 - 2014-04-19 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2014-04-13 21:23 - 2014-04-13 21:23 - 00000953 _____ () C:\Users\Public\Desktop\FaceFilter v3.02 Standard.lnk
2014-04-13 21:23 - 2014-04-13 21:23 - 00000130 __RSH () C:\Windows\FF3STET.BIN
2014-04-13 21:23 - 2014-04-13 21:23 - 00000000 ____D () C:\ProgramData\Reallusion
2014-04-13 21:07 - 2014-04-19 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6
2014-04-13 21:07 - 2014-04-14 16:46 - 00000930 _____ () C:\Users\Public\Desktop\Corel PaintShop Pro X6 (64-bit).lnk
2014-04-13 21:07 - 2014-04-14 16:46 - 00000791 _____ () C:\Users\Public\Desktop\Corel PaintShop Pro X6.lnk
2014-04-13 21:07 - 2014-04-13 21:07 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-04-10 17:04 - 2014-04-10 17:04 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-04-10 17:03 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 17:03 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 17:03 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 17:03 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 17:03 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 17:03 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 17:03 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 17:03 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 17:03 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 17:03 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 17:03 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 17:03 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 17:03 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 17:03 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 17:03 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 17:03 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 17:03 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 17:58 - 2014-04-09 17:58 - 00000000 ____D () C:\Users\James\AppData\Roaming\862
2014-04-09 17:56 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\457
2014-04-07 16:35 - 2014-03-21 14:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-07 16:35 - 2014-03-21 14:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-05 19:20 - 2014-04-05 19:20 - 00291606 _____ () C:\Users\James\Downloads\TCPView (1).zip
2014-04-05 19:20 - 2014-04-05 19:20 - 00000000 ____D () C:\Users\James\Downloads\TCPView (1)
2014-04-05 18:51 - 2014-04-05 18:51 - 00022262 _____ () C:\Users\James\Documents\Error File.txt
2014-04-05 14:12 - 2014-04-05 14:12 - 00032406 _____ () C:\Users\James\Documents\Result.txt

==================== One Month Modified Files and Folders =======

2014-05-03 19:34 - 2014-05-03 19:33 - 00000000 ____D () C:\FRST
2014-05-03 19:34 - 2014-03-02 15:28 - 00000000 ____D () C:\Windows\CryptoGuard
2014-05-03 19:33 - 2014-02-25 18:01 - 01172143 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 19:32 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 19:29 - 2014-03-04 23:25 - 00000000 ____D () C:\Users\James\AppData\Roaming\Skype
2014-05-03 19:28 - 2014-03-04 16:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 19:28 - 2014-02-25 18:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-03 19:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 19:28 - 2009-07-13 23:51 - 00055775 _____ () C:\Windows\setupact.log
2014-05-02 08:53 - 2009-07-13 23:45 - 00015136 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-02 08:53 - 2009-07-13 23:45 - 00015136 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:13 - 2014-03-04 16:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 20:59 - 2014-03-06 00:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-30 20:32 - 2014-04-30 20:32 - 00550371 _____ () C:\Users\James\Downloads\Autoruns.zip
2014-04-30 19:57 - 2014-02-25 18:27 - 00110180 _____ () C:\Windows\PFRO.log
2014-04-30 14:31 - 2014-03-06 00:10 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 14:31 - 2014-03-06 00:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 10:53 - 2014-02-25 22:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-28 10:10 - 2014-04-28 10:10 - 00000000 ____D () C:\Users\Marion\AppData\Local\Apple
2014-04-24 21:08 - 2013-11-19 22:56 - 00000000 ____D () C:\Users\James\Documents\book2
2014-04-24 15:02 - 2014-04-24 14:30 - 00025871 _____ () C:\Users\Forest\Desktop\dds.txt
2014-04-24 14:37 - 2014-04-24 14:37 - 00012126 _____ () C:\Users\Forest\Documents\Attach.txt
2014-04-24 14:36 - 2014-04-24 14:36 - 00025871 _____ () C:\Users\Forest\Documents\DDS.txt
2014-04-24 14:30 - 2014-04-24 14:30 - 00012126 _____ () C:\Users\Forest\Desktop\attach.txt
2014-04-24 14:29 - 2014-04-24 14:29 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-04-24 14:25 - 2014-03-09 01:40 - 00000000 ____D () C:\Users\James\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-04-24 11:29 - 2014-02-25 18:01 - 00000000 ____D () C:\Users\Forest
2014-04-24 09:18 - 2014-03-05 16:24 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-04-24 09:18 - 2014-03-03 20:35 - 00087504 _____ () C:\Users\Marion\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 09:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-22 17:38 - 2014-02-25 23:17 - 00087504 _____ () C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-22 17:38 - 2009-07-13 23:45 - 00376672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-22 17:36 - 2014-02-26 00:15 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-22 17:32 - 2009-07-13 21:34 - 00000439 _____ () C:\Windows\win.ini
2014-04-22 17:30 - 2014-02-26 00:17 - 00781298 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-21 12:42 - 2014-02-25 19:53 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-04-21 12:00 - 2014-04-21 11:57 - 00000000 ____D () C:\Users\James\Desktop\Tools
2014-04-21 11:45 - 2009-07-13 21:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_293
2014-04-21 11:24 - 2014-04-21 11:24 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-21 11:24 - 2014-02-25 18:02 - 00001413 _____ () C:\Users\Forest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 11:24 - 2014-02-25 18:01 - 00000000 ___RD () C:\Users\Forest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 11:24 - 2014-02-25 18:01 - 00000000 ___RD () C:\Users\Forest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 11:23 - 2009-07-13 21:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_807
2014-04-20 21:27 - 2014-04-20 21:27 - 00000000 ____D () C:\Users\James\Downloads\tweaking.com_windows_repair_aio
2014-04-20 21:26 - 2014-04-20 21:25 - 03434761 _____ () C:\Users\James\Downloads\tweaking.com_windows_repair_aio.zip
2014-04-20 15:02 - 2014-04-20 15:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-19 23:01 - 2014-04-19 23:01 - 00001357 _____ () C:\Users\Forest\Desktop\JRT.txt
2014-04-19 22:45 - 2014-04-17 22:31 - 00000000 ____D () C:\AdwCleaner
2014-04-19 21:54 - 2014-04-19 21:54 - 00001357 _____ () C:\Users\Forest\Documents\JRT.txt
2014-04-19 21:40 - 2014-04-19 21:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-19 21:38 - 2014-04-19 21:38 - 01016261 _____ (Thisisu) C:\Users\James\Downloads\JRT (1).exe
2014-04-19 18:49 - 2009-07-14 00:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 16:21 - 2014-04-17 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-19 16:21 - 2014-04-17 21:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 16:21 - 2014-04-13 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2014-04-19 16:21 - 2014-04-13 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6
2014-04-19 16:21 - 2014-03-30 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-04-19 16:21 - 2014-03-15 23:35 - 00000000 ____D () C:\Users\Forest\AppData\Local\PC_Drivers_Headquarters
2014-04-19 16:21 - 2014-03-04 20:26 - 00000000 ____D () C:\Users\Forest\AppData\Local\NVIDIA
2014-04-19 16:21 - 2014-03-02 15:59 - 00000000 ____D () C:\Users\Marion
2014-04-19 16:21 - 2014-02-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-04-19 16:21 - 2014-02-25 23:16 - 00000000 ____D () C:\Users\James
2014-04-19 16:21 - 2014-02-25 22:41 - 00000000 ____D () C:\Users\Forest\AppData\Roaming\Skype
2014-04-19 16:21 - 2014-02-25 19:47 - 00000000 ____D () C:\Users\Forest\AppData\Roaming\iolo
2014-04-19 16:21 - 2014-02-25 18:11 - 00000000 ____D () C:\Users\Forest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
2014-04-19 16:21 - 2014-02-25 18:01 - 00000000 ___RD () C:\Users\Forest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-19 16:21 - 2014-02-25 18:01 - 00000000 ___RD () C:\Users\Forest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-19 16:21 - 2014-02-25 17:26 - 00000000 ____D () C:\Program Files (x86)\VIPRE
2014-04-19 16:21 - 2014-02-25 16:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-04-19 16:21 - 2013-12-05 22:28 - 00000000 ____D () C:\Users\Forest\Downloads\WD_SmartWare_Installer_2.2.1.6
2014-04-19 16:21 - 2013-11-01 14:12 - 00000000 ____D () C:\Users\Forest\Downloads\phonebookzip
2014-04-19 16:21 - 2013-09-22 19:37 - 00000000 ___RD () C:\Users\Forest\SkyDrive
2014-04-19 16:21 - 2011-02-27 13:43 - 00000000 ____D () C:\Users\Guest\Documents\dvd
2014-04-19 16:21 - 2011-02-25 19:18 - 00000000 ___RD () C:\Users\Forest\Podcasts
2014-04-19 16:21 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-19 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-19 16:18 - 2011-08-15 15:22 - 00000000 ____D () C:\Users\Guest\Desktop\Basic Technical Math with Calculus
2014-04-19 16:16 - 2013-09-19 17:47 - 00000000 ____D () C:\Users\Marion\Downloads\Nova Scotia Summer 2013
2014-04-19 16:16 - 2013-04-08 21:17 - 00000000 ____D () C:\Users\Public\Documents\Patty
2014-04-19 16:15 - 2013-11-04 17:31 - 00000000 ____D () C:\Users\James\Documents\wood
2014-04-19 16:15 - 2013-04-08 21:16 - 00000000 ____D () C:\Users\James\Documents\re-write
2014-04-19 16:15 - 2013-04-08 21:16 - 00000000 ____D () C:\Users\James\Documents\book
2014-04-19 16:14 - 2014-02-03 00:16 - 00000000 ____D () C:\Users\Public\Documents\FarStone
2014-04-18 21:47 - 2014-03-14 22:22 - 00000000 ____D () C:\Users\James\AppData\Local\CrashDumps
2014-04-18 21:47 - 2014-02-26 00:32 - 00000000 ____D () C:\Users\Forest\AppData\Local\CrashDumps
2014-04-18 21:33 - 2014-04-18 21:33 - 00001782 _____ () C:\sc-cleaner.txt
2014-04-18 21:18 - 2014-04-18 21:18 - 00000017 _____ () C:\Users\James\AppData\Local\resmon.resmoncfg
2014-04-18 21:03 - 2014-04-18 21:03 - 00628779 _____ () C:\Users\James\Downloads\GrantPerms64.zip
2014-04-18 17:27 - 2013-11-01 20:45 - 00000000 ____D () C:\Users\Forest\SyncFolder
2014-04-18 17:22 - 2011-02-02 10:25 - 00000000 ___RD () C:\Users\Guest\Podcasts
2014-04-17 21:29 - 2014-04-17 21:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 21:28 - 2014-02-26 00:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 21:28 - 2014-02-26 00:08 - 00000000 ____D () C:\Users\Forest\AppData\Roaming\Malwarebytes
2014-04-17 21:28 - 2014-02-26 00:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 21:26 - 2014-03-30 10:53 - 00002778 _____ () C:\Users\Forest\Desktop\Rkill.txt
2014-04-17 15:36 - 2014-04-17 15:36 - 00000000 __SHD () C:\Users\Marion\AppData\Local\EmieUserList
2014-04-17 15:36 - 2014-04-17 15:36 - 00000000 __SHD () C:\Users\Marion\AppData\Local\EmieSiteList
2014-04-17 15:36 - 2014-03-04 21:16 - 00000000 ____D () C:\Users\Marion\AppData\Local\NVIDIA Corporation
2014-04-17 09:16 - 2014-03-04 16:53 - 00000000 ____D () C:\Users\Forest\AppData\Local\Adobe
2014-04-17 09:15 - 2014-04-17 09:15 - 00000000 __SHD () C:\Users\Forest\AppData\Local\EmieUserList
2014-04-17 09:15 - 2014-04-17 09:15 - 00000000 __SHD () C:\Users\Forest\AppData\Local\EmieSiteList
2014-04-17 08:14 - 2014-04-17 08:14 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-04-17 08:14 - 2014-04-17 08:14 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-04-14 18:16 - 2014-04-14 18:16 - 00000000 ____D () C:\Users\James\Documents\Corel PaintShop Pro
2014-04-14 16:46 - 2014-04-13 21:07 - 00000930 _____ () C:\Users\Public\Desktop\Corel PaintShop Pro X6 (64-bit).lnk
2014-04-14 16:46 - 2014-04-13 21:07 - 00000791 _____ () C:\Users\Public\Desktop\Corel PaintShop Pro X6.lnk
2014-04-14 16:44 - 2014-02-26 12:48 - 00000000 ____D () C:\ProgramData\Corel
2014-04-14 16:30 - 2014-04-14 16:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Ulead Systems
2014-04-14 16:30 - 2014-04-14 16:30 - 00000000 ____D () C:\Users\James\AppData\Local\Corel PaintShop Pro
2014-04-13 21:23 - 2014-04-13 21:23 - 00000953 _____ () C:\Users\Public\Desktop\FaceFilter v3.02 Standard.lnk
2014-04-13 21:23 - 2014-04-13 21:23 - 00000130 __RSH () C:\Windows\FF3STET.BIN
2014-04-13 21:23 - 2014-04-13 21:23 - 00000000 ____D () C:\ProgramData\Reallusion
2014-04-13 21:23 - 2014-02-25 18:29 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-04-13 21:07 - 2014-04-13 21:07 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-04-12 21:33 - 2014-02-26 15:29 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-10 17:08 - 2014-03-02 15:28 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-04-10 17:07 - 2014-02-26 14:34 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 17:07 - 2014-02-26 14:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 17:04 - 2014-04-10 17:04 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-04-10 17:02 - 2014-03-02 15:28 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-04-10 17:02 - 2014-03-02 15:28 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-04-10 17:02 - 2014-03-02 15:28 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-04-10 16:58 - 2014-03-02 15:59 - 00000000 ____D () C:\Users\Guest
2014-04-10 16:58 - 2014-02-25 18:28 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-10 15:54 - 2014-03-04 22:39 - 00000000 ____D () C:\ProgramData\UAB
2014-04-09 17:58 - 2014-04-09 17:58 - 00000000 ____D () C:\Users\James\AppData\Roaming\862
2014-04-09 17:56 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\457
2014-04-07 16:38 - 2014-03-04 20:26 - 00000000 ____D () C:\Users\Forest\AppData\Local\NVIDIA Corporation
2014-04-07 16:36 - 2014-02-25 18:05 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-07 16:36 - 2014-02-01 12:26 - 00000000 ____D () C:\Users\James\AppData\Local\NVIDIA Corporation
2014-04-07 16:35 - 2014-02-25 18:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-05 19:20 - 2014-04-05 19:20 - 00291606 _____ () C:\Users\James\Downloads\TCPView (1).zip
2014-04-05 19:20 - 2014-04-05 19:20 - 00000000 ____D () C:\Users\James\Downloads\TCPView (1)
2014-04-05 18:51 - 2014-04-05 18:51 - 00022262 _____ () C:\Users\James\Documents\Error File.txt
2014-04-05 14:12 - 2014-04-05 14:12 - 00032406 _____ () C:\Users\James\Documents\Result.txt
2014-04-04 16:29 - 2014-03-30 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-04-04 16:29 - 2014-03-30 13:11 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-04-04 16:29 - 2014-03-02 15:59 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-04 16:29 - 2014-03-02 15:59 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-04 16:29 - 2014-02-26 14:58 - 00000000 ____D () C:\Users\James\AppData\Roaming\Adobe
2014-04-04 16:29 - 2014-02-26 12:40 - 00000000 ____D () C:\Users\James\AppData\Roaming\Roxio
2014-04-04 16:29 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-04 16:06 - 2014-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-03 16:11 - 2014-02-26 12:35 - 00000000 ____D () C:\ProgramData\Sonic
2014-04-03 09:51 - 2014-04-17 21:28 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-17 21:28 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-02-26 00:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Forest\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\uzregaqi.dll
C:\Users\James\AppData\Local\Temp\v8su_bvc.dll
C:\Users\Marion\AppData\Local\Temp\u51-a4q7.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5This is the second




==================== End Of Log ============================

#6 James Boulton


Posted 03 May 2014 - 08:14 PM

Gary this is the second notepad text, plus the summary. I couldn't seem to get the computer to put everything in the same response.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by James at 2014-05-03 19:34:29
Running from C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JKK5ZVZ
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

ACDSee 32 (HKLM-x32\...\ACDSee 32) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Athentech Perfectly Clear (HKLM-x32\...\_{B109CAE0-1D2E-4BF6-8205-C18012E490A9}) (Version: 1.0.0.106 - Corel Corporation)
Athentech Perfectly Clear (Version: 1.0.0.106 - Corel Corporation) Hidden
Athentech Perfectly Clear (x32 Version: 1.0.0.106 - Corel Corporation) Hidden
Canon Utilities Digital Photo Professional 1.5 (HKLM-x32\...\InstallShield_{48859B06-6074-4ED0-8A1E-5730CD42F9B1}) (Version: 1.5 - Canon)
Canon Utilities Digital Photo Professional 1.5 (x32 Version: 1.5 - Canon) Hidden
Corel KPT Collection (HKLM-x32\...\_{5ACF958F-3106-4F13-B947-FC6DF23E1A53}) (Version: 1.0.0.103 - Corel Corporation)
Corel KPT Collection (HKLM-x32\...\_{9C9078D1-FA30-4E1B-A194-983A4898F848}) (Version:  - Corel Corporation)
Corel KPT Collection (x32 Version: 1.0.0.103 - Corel Corporation) Hidden
Corel KPT Collection (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel Painter Essentials 4 (x32 Version: 4.2 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.241 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
Creative Content (x32 Version: 1.0.0.103 - Corel Corporation) Hidden
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
DVDFab 9.1.3.6 (20/03/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVGA Precision X 4.0.0 (HKLM-x32\...\PrecisionX) (Version: 4.0.0 - EVGA Corporation)
FaceFilter v3.02 Standard (HKLM-x32\...\{6020758E-57A9-41E3-AF20-8EE311EA6156}) (Version: 3.02.1506.1 - Reallusion Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
ICA (x32 Version: 1.6.1.241 - Corel Corporation) Hidden
ICA (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 12.5.0 - iolo technologies, LLC)
IPM_PSP_CL (x32 Version: 1.00.0000 - Your Company Name) Hidden
IPM_PSP_COM (x32 Version: 1.00.0000 - Your Company Name) Hidden
IPM_PSP_COM (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.1.0.48 - Corel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.145.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.145.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPContent (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Roxio BackOnTrack (x32 Version: 4.0 - Roxio) Hidden
Roxio BackOnTrackPE (x32 Version: 4.0 - Roxio) Hidden
Roxio Burn - Secure (x32 Version: 1.6 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.6 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2011 Content (x32 Version: 13.0.098 - Roxio) Hidden
Roxio Creator 2011 Pro (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio Creator 2011 Pro (x32 Version: 1.3.166 - Roxio) Hidden
Roxio Creator 2011 Pro (x32 Version: 6.0.0 - Roxio) Hidden
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Setup (x32 Version: 1.6.1.241 - Corel Corporation) Hidden
Setup (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SilverFast Epson-SE (HKLM-x32\...\SilverFast Epson-SE_is1) (Version:  - LaserSoft Imaging, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 1.1.3 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.4.1 - Tweaking.com)
Ultimate Creative Collection (X6) (HKLM-x32\...\_{FE752025-AED8-4AED-BC44-B03C9048A3D4}) (Version: 1.0.0.107 - Corel Corporation)
Ultimate Creative Collection (X6) (x32 Version: 1.0.0.107 - Corel Corporation) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Windows Driver Package - Synaptics (SmbDrv) System  (08/13/2013 17.0.9.1) (HKLM\...\800FC9A9260B7362B4A5379F8E5ACB7914C486E7) (Version: 08/13/2013 17.0.9.1 - Synaptics)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-04-22 17:32 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-12 21:27 - 2014-04-12 21:27 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-20 13:35 - 2014-03-21 03:22 - 00428416 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2010-07-14 00:23 - 2010-07-14 00:23 - 00084464 _____ () E:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
2010-06-30 12:10 - 2010-06-30 12:10 - 00477680 _____ () E:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2014-04-12 21:19 - 2014-04-12 21:19 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Marion\Downloads\rock balancing! (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Marion\Downloads\rock balancing!.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptoPreventEventSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Symantec Real Time Storage Protection (PEL) x64
Description: Symantec Real Time Storage Protection (PEL) x64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SRTSPX
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: IDSVia64
Description: IDSVia64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IDSVia64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Network Security WFP Driver
Description: Symantec Network Security WFP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymNetS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 03:33:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 03:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/28/2014 06:43:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2014 06:42:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2014 06:38:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2014 10:10:24 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/27/2014 07:03:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (04/27/2014 07:03:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (04/26/2014 08:34:12 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (04/24/2014 02:30:11 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

System errors:
=============
Error: (05/03/2014 07:28:59 PM) (Source: Service Control Manager) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/03/2014 07:28:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccSet_NIS
ESProtectionDriver
IDSVia64
SRTSPX
SymDS
SymEFA
SymIRON
SymNetS

Error: (05/03/2014 07:28:43 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (05/03/2014 07:28:43 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service terminated with service-specific error %%-1.

Error: (05/02/2014 08:53:04 AM) (Source: Service Control Manager) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/02/2014 08:47:38 AM) (Source: Service Control Manager) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/02/2014 08:47:34 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccSet_NIS
ESProtectionDriver
IDSVia64
SRTSPX
SymDS
SymEFA
SymIRON
SymNetS

Error: (05/02/2014 08:47:18 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (05/02/2014 08:47:18 AM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service terminated with service-specific error %%-1.

Error: (05/01/2014 04:54:26 PM) (Source: Service Control Manager) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/30/2014 03:33:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"E:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe

Error: (04/30/2014 03:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/28/2014 06:43:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\spool\DRIVERS\x64\3\HPAppUsg.dll

Error: (04/28/2014 06:42:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\spool\DRIVERS\x64\3\HPAppUsg.dll

Error: (04/28/2014 06:38:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Windows\system32\spool\DRIVERS\x64\3\HPAppUsg.dll

Error: (04/28/2014 10:10:24 AM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/27/2014 07:03:47 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (04/27/2014 07:03:47 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (04/26/2014 08:34:12 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (04/24/2014 02:30:11 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The system cannot find the file specified.

CodeIntegrity Errors:
===================================
  Date: 2014-04-30 21:12:55.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 21:00:15.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:34:16.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 16:06:38.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 15:59:38.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 15:35:19.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 15:25:18.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 15:15:16.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 15:05:12.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 14:55:11.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8139.37 MB
Available physical RAM: 5245.03 MB
Total Pagefile: 16276.92 MB
Available Pagefile: 13110.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:56 GB) NTFS
Drive e: (Scsi) (Fixed) (Total:68.36 GB) (Free:62.52 GB) NTFS
Drive f: (Photos) (Fixed) (Total:697.11 GB) (Free:290.59 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:234.4 GB) (Free:230.04 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:68.36 GB) (Free:68.27 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:04 AM

Posted 03 May 2014 - 09:09 PM

Hi Jamie,

 

Before we begin I want to ask you whether you want to clean your computer, then clean your backup files, or would you prefer to clean your backup files then reformat and reinstall your operating system?  It doesn't matter to me but since you have reformatted/reinstalled before you might want to try that route again, this time cleaning the backups before reinserting.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 James Boulton


Posted 03 May 2014 - 09:20 PM

Gary, I think my preference would be to clean up the computer, then make new backups, but I am open to doing it the other way around if you think it is a better way to go.



#9 Oh My!


Posted 03 May 2014 - 09:40 PM

Hi Jamie,

I am fine with cleaning your computer if that is your preference. So here we go.

Please either copy and paste frst.exe to your desktop or download another file to that location. Then please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKLM\...\Runonce: [TodoBackupUninst] - [X]
HKLM-x32\...\Runonce: [SMRequiresRestart] - [X]
Toolbar: HKCU - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
C:\Users\Forest\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\uzregaqi.dll
C:\Users\James\AppData\Local\Temp\v8su_bvc.dll
C:\Users\Marion\AppData\Local\Temp\u51-a4q7.dll
AlternateDataStreams: C:\Users\Marion\Downloads\rock balancing! (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Marion\Downloads\rock balancing!.eml:OECustomProperty

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

WMI Diagnosis Utility -- Windows 7 - XP

--------------------
  • Download WMI Diagnosis Utility -- Version 2.1 and save it to your desktop
  • Double click the icon and click Run
  • Click Yes to agree to the terms
  • Click Browse, select Desktop then click OK
  • Click OK, then OK again
  • Double click the WMIDiag.vbs icon and then click OK on the Warning screen if it appears
  • If the Warning appeared you will not see any information appear during the running of the script
  • Upon completion a log should appear. Copy and paste the contents in your reply
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:

:dir
C:\Users\James\AppData\Roaming\862 /s
C:\Users\James\AppData\Roaming\457 /s
:file
volsnap.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • WMI report
  • SystemLook log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 James Boulton


Posted 04 May 2014 - 08:44 PM

Hi Gary, the FRST would not run in the fix mode. The necessary files were not allowed to be loaded. The JPShortstuff log is copied below.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:23 on 04/05/2014 by Forest
Administrator - Elevation successful

========== dir ==========

C:\Users\James\AppData\Roaming\862 - Unable to find folder.

C:\Users\James\AppData\Roaming\457 - Parameters: "/s"

---Files---
None found.

No folders found.

========== file ==========

volsnap.sys - Unable to find/read file.

-= EOF =-

I didn't try FRST in safe mode, as I figured if the required files couldn't be loaded, it wouldn't work in safe mode either. In the jpshortstuff I copied the information in the box that had the look button below ... taking that as the main text field.

#11 Oh My!


Posted 05 May 2014 - 07:42 AM

Hi Jamie,

Both FRST and fixlist.txt must be located on the desktop. Are they?

Edited by Oh My, 05 May 2014 - 07:46 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 James Boulton


Posted 05 May 2014 - 07:39 PM

Gary, FRST downloaded to my user download folder, but before I started the program I moved it to the desktop. The fixlist.txt was copied to the desktop as per your instruction. FRST ran, but when it installed there were a number of files that were not allowed to be copied to the different hives in the registry. To be precise, "Reg Create Key Ex5-access denied" is what is shown with each of the different files that it tries to load.



#13 Oh My!


Posted 05 May 2014 - 07:49 PM

FOREST-PC

This user profile does not have Administrator privileges.  Do you know if you have another user profile that does?  If not we can easily create one.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#14 James Boulton


Posted 05 May 2014 - 07:57 PM

I have an administration desktop, but due to the virus I have not been able to access it.



#15 Oh My!


Posted 05 May 2014 - 08:04 PM

OK Jamie, let's see if we can outsmart it. Please do this.

===================================================

Creating a New User Profile With Administrative Privileges

--------------
  • Press the Windows key + r on your keyboard at the same time
  • Type cmd and press Enter
  • Type the following after the command prompt, pressing Enter after each line

net user temp /add
net localgroup administrators temp /add

  • Reboot your computer and log in to the temp user profile
  • Attempt to run fixlist (you may have to download the program and file again)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
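
The fixlist from post #9 and the administrator question raised in posts #12 to #15 meet in the following added example, which is not part of the thread and is not FRST's own code: it sorts each fixlist line by whether a standard account could act on it. It assumes default Windows permissions (HKLM is writable only by administrators, and one user's profile folder is closed to other standard users); the function names are invented for the example, and the Handler line is left as unknown because its scope is not stated on the line.

```python
import re
from collections import Counter

# fixlist.txt exactly as posted in the thread above.
FIXLIST = r"""
HKLM\...\Runonce: [TodoBackupUninst] - [X]
HKLM-x32\...\Runonce: [SMRequiresRestart] - [X]
Toolbar: HKCU - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
C:\Users\Forest\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\uzregaqi.dll
C:\Users\James\AppData\Local\Temp\v8su_bvc.dll
C:\Users\Marion\AppData\Local\Temp\u51-a4q7.dll
AlternateDataStreams: C:\Users\Marion\Downloads\rock balancing! (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Marion\Downloads\rock balancing!.eml:OECustomProperty
"""

# Captures the profile name from a path such as C:\Users\<name>\...
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def classify(line, current_user):
    """Return (kind, needs_admin, reason); needs_admin is None when unknown."""
    if line.upper().startswith("HKLM"):
        return ("registry", True, "machine-wide hive (HKLM)")
    if re.match(r"^\w+: HKCU\b", line):
        return ("registry", False, "per-user hive (HKCU)")
    kind, path = "file", line
    if line.startswith("AlternateDataStreams:"):
        kind, path = "ads", line.split(":", 1)[1].strip()
    match = PROFILE_RE.match(path)
    if match is None:
        return ("other", None, "scope is not stated on the line")
    owner = match.group(1)
    if owner.lower() == current_user.lower():
        return (kind, False, "inside the current user's profile")
    return (kind, True, "inside another user's profile (%s)" % owner)


def plan(fixlist_text, current_user):
    """Classify every non-empty fixlist line for the given account name."""
    rows = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if line:
            rows.append((line,) + classify(line, current_user))
    return rows


def admin_summary(fixlist_text, current_user):
    """Count lines by needs_admin value: True, False or None (unknown)."""
    return Counter(row[2] for row in plan(fixlist_text, current_user))


if __name__ == "__main__":
    for line, kind, needs_admin, reason in plan(FIXLIST, "Forest"):
        flag = {True: "ADMIN", False: "user ", None: "?    "}[needs_admin]
        print("%s  %-8s %s  [%s]" % (flag, kind, line, reason))
    print(dict(admin_summary(FIXLIST, "Forest")))
```

Run for the Forest profile, most of the list falls on the administrator side: the two HKLM Runonce entries plus every file and stream under the James and Marion profiles.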



