
Can not create Temp folder archive


  • This topic is locked
4 replies to this topic

#1 tank130


Posted 05 May 2014 - 07:00 PM

Hi Guys,

 

First post so let's hope I get it right.

I ran Malwarebytes and it detected a very large number of threats so I selected the delete all option (probably a big mistake).

 

Now when I try to run the exe of any downloads I get an error message: "Can not create Temp folder archive"

As well, when I try to run your ComboFix.exe I get this message below:

 

CombofixError_zps8d42fb04.jpg

 

Several of my other software programs are not running correctly either. For example, Google SketchUp is unable to access some of its features. I uninstalled it and tried to reinstall, but I then get the "Can not create Temp folder archive" so it fails.

 

I followed one of your other threads and got these attached reports for you as well:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 01
Ran by Les (administrator) on LES-PC on 05-05-2014 11:39:57
Running from C:\Users\Les\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(FileZilla Project) D:\EIR2Website\FileZillaFTP\FileZillaServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Dropbox, Inc.) C:\Users\Les\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Pitney Bowes, Inc.) C:\Program Files (x86)\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() D:\EIR2Website\mysql\bin\mysqld.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TorchMedia Inc.) C:\Users\Les\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [svhost.exe] => "C:\Users\Les\AppData\Roaming\svhost.exe"
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [20480 2007-07-26] ()
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [152880 2013-08-15] (Sage)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-31] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1969440 2013-05-03] ()
HKLM-x32\...\Run: [PC Meter Connect] => C:\Program Files (x86)\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe [3514368 2012-02-07] (Pitney Bowes, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\607\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [downloadhq] => "C:\Program Files (x86)\DownloadHQ\DownloadHQ.exe" -h
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [964024 2012-08-31] (Samsung)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-31] ()
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [Steam] => D:\Steam\steam.exe [1825984 2014-04-23] (Valve Corporation)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-11-10] (AMD)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [svhost.exe] => "C:\Users\Les\AppData\Roaming\svhost.exe"
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Les\AppData\Local\Smartbar\Application\QuickShare.exe startup
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Les\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\Policies\Explorer: []
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\MountPoints2: H - "H:\Adobe CS5\Set-up.exe"
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\MountPoints2: L - L:\setup2.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\MountPoints2: N - N:\setup2.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\MountPoints2: {3eaa016e-38c1-11e0-93f4-1c6f65311c00} - G:\LaunchU3.exe -a
HKU\S-1-5-21-257852021-1263701145-2354934621-1000\...\MountPoints2: {896a9065-5890-11e1-a48a-1c6f65311c00} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\drivers\setup.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [downloadhq] => "C:\Program Files (x86)\DownloadHQ\DownloadHQ.exe" -h
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [964024 2012-08-31] (Samsung)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-31] ()
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => D:\Steam\steam.exe [1825984 2014-04-23] (Valve Corporation)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-11-10] (AMD)
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [svhost.exe] => "C:\Users\Les\AppData\Roaming\svhost.exe"
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Browser Infrastructure Helper] => C:\Users\Les\AppData\Local\Smartbar\Application\QuickShare.exe startup
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Les\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: []
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - "H:\Adobe CS5\Set-up.exe"
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: L - L:\setup2.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: N - N:\setup2.exe
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3eaa016e-38c1-11e0-93f4-1c6f65311c00} - G:\LaunchU3.exe -a
HKU\S-1-5-21-257852021-1263701145-2354934621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {896a9065-5890-11e1-a48a-1c6f65311c00} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\drivers\setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\zoomex\sprote~1.dll => C:\Program Files (x86)\ZoomEx\sprotector.dll [461824 2012-10-11] ()
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Les\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
ShortcutTarget: Logitech blank Product Registration.lnk -> C:\Program Files (x86)\Logitech\G930\eReg.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN39670272392727227&UM=2&UP=SPBD1D7EA2-5444-4603-BFB6-25031434859B&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x27D26DA54B96CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKLM-x32 - BrowseToolE0170 Toolbar - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Users\Les\AppData\LocalLow\XfireXO\prxtbXfi2.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - BrowseToolE0170 Toolbar - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Users\Les\AppData\LocalLow\XfireXO\prxtbXfi2.dll (ClientConnect Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN39670272392727227&UM=2&UP=SPBD1D7EA2-5444-4603-BFB6-25031434859B&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN39670272392727227&UM=2&UP=SPBD1D7EA2-5444-4603-BFB6-25031434859B&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=7109f1b7-511f-11e2-87a2-1c6f65311c00&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=8027c83f0000000000001c6f65311c00
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {21C0C0BB-91B9-414F-9CD4-72784514CB39} URL = http://searchou.com/?q={searchTerms}&id=8027c83f0000000000001c6f65311c00&r=345
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={18DC7266-2DC5-43A0-8155-DA83EC01120D}&mid=16e661a8632b74496bfb3f54b80b858b-2737dbc488a73ef16112c12b7f5265ee690f6ff2&lang=en&ds=AVG&pr=fr&d=2011-10-13 11:47:15&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN39670272392727227&UM=2
SearchScopes: HKCU - {CAE33F29-99CB-4762-B695-3EB462B5E58F} URL = http://www.mysearchresults.com/search?c=4004&t=01&q={searchTerms}
BHO: QuickShare WidgetEngine - {31AD400D-1B06-4E33-A59A-90C2C140CBA0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {06289242-C872-43D0-ADE3-7BEC1DCEAD32} - C:\Windows\SysWow64\ddrawex32.dll No File
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: QuickShare WidgetEngine - {31AD400D-1B06-4E33-A59A-90C2C140CBA0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Zoomex - {650979AB-6EB5-C5B5-E6FD-405D37254FEB} - C:\ProgramData\Zoomex\50ddeeca88a4d.dll ()
BHO-x32: Wondershare Video Converter Ultimate - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - BrowseToolE0170 Toolbar - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Users\Les\AppData\LocalLow\XfireXO\prxtbXfi2.dll (ClientConnect Ltd.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\zid401c7.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN60586857928292141&UM=2&UP=SPBD1D7EA2-5444-4603-BFB6-25031434859B&SSPV=
FF Keyword.URL: user_pref("keyword.URL", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\zid401c7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-08-28]
FF Extension: Web Developer - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\zid401c7.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-07-12]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{dbb6cb82-a89c-5675-1b99-44ca699819fc} [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-06-17]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-30]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [showlyrics@superstrsoft.co] - C:\Program Files (x86)\Show-Lyrics\FF\
FF Extension: Show Lyrics - C:\Program Files (x86)\Show-Lyrics\FF\ []

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 FileZillaServer; D:\eir2website\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-03-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 mysql; D:\eir2website\mysql\bin\mysqld.exe [8151040 2013-05-16] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 Sage 50 Transaction Manager 2013 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2013 - CDN\Sage_SA.TransactionManager.exe [36144 2013-12-11] (Sage)
S3 Sage 50 Transaction Manager 2014 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2014 - CDN\Sage_SA.TransactionManager.exe [36144 2013-12-11] (Sage)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [24368 2013-08-15] (Sage)
S3 Simply Accounting Transaction Manager 2010 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [42312 2010-12-04] (Sage)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
R2 TorchCrashHandler; C:\Users\Les\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205088 2013-06-20] (TorchMedia Inc.)
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-05-05] ()
S3 LADF_BakerCOnly; C:\Windows\System32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\Windows\System32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 11:39 - 2014-05-05 11:40 - 00036071 _____ () C:\Users\Les\Downloads\FRST.txt
2014-05-05 11:39 - 2014-05-05 11:39 - 02063872 _____ (Farbar) C:\Users\Les\Downloads\FRST64.exe
2014-05-05 11:39 - 2014-05-05 11:39 - 00000000 ____D () C:\FRST
2014-05-05 10:41 - 2014-05-05 10:41 - 00000000 __SHD () C:\Users\Les\AppData\Local\EmieUserList
2014-05-05 10:41 - 2014-05-05 10:41 - 00000000 __SHD () C:\Users\Les\AppData\Local\EmieSiteList
2014-05-05 10:36 - 2014-05-05 10:36 - 02077392 _____ (Microsoft Corporation) C:\Users\Les\Downloads\IE11-Windows6.1.exe
2014-05-05 10:06 - 2014-05-05 10:06 - 29024616 _____ (Mozilla) C:\Users\Les\Downloads\Firefox Setup 29.0.exe
2014-05-05 10:05 - 2014-05-05 10:05 - 35610809 _____ () C:\Users\Les\Downloads\firefox-29.0.tar.bz2
2014-05-05 10:03 - 2014-05-05 10:04 - 83636592 _____ (Trimble Navigation Limited) C:\Users\Les\Downloads\SketchUpMake-en.exe
2014-05-05 09:57 - 2014-05-05 09:57 - 00003358 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-05-03 16:41 - 2014-05-03 16:41 - 01376768 _____ () C:\Users\Les\Downloads\7z920-x64.msi
2014-05-03 16:39 - 2014-05-03 16:40 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(4).exe
2014-05-03 16:36 - 2014-05-03 16:36 - 10319536 _____ () C:\Users\Les\Desktop\Win 7 Activation.rar
2014-05-03 16:36 - 2014-05-03 16:36 - 00002560 _____ () C:\Users\Les\AppData\Roaming\svchest.exe
2014-05-03 16:34 - 2014-05-03 16:34 - 00288032 _____ (SoftSafe) C:\Users\Les\Downloads\Autodesk AutoCAD Architecture v2013 (64 Bit) - Cool Release.exe
2014-05-03 16:33 - 2014-05-03 16:36 - 00000000 ____D () C:\Program Files (x86)\TornTV.com
2014-05-03 16:33 - 2014-05-03 16:33 - 00000348 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-05-03 16:23 - 2014-05-03 16:34 - 00000000 ____D () C:\Users\Les\AppData\Local\Smartbar
2014-05-03 16:23 - 2014-05-03 16:32 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-03 16:03 - 2014-05-03 16:03 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(3).exe
2014-05-03 16:01 - 2014-05-03 16:01 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(2).exe
2014-05-03 16:00 - 2014-05-03 16:00 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(1).exe
2014-05-03 15:59 - 2014-05-03 15:59 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180.exe
2014-05-03 03:00 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 03:00 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 03:00 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 03:00 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 11:37 - 2014-04-30 11:37 - 00411090 _____ () C:\Users\Les\Downloads\4844-023_DWG.zip
2014-04-30 06:39 - 2014-04-30 06:39 - 00270292 _____ () C:\Users\Les\Downloads\Wide Starter Strip 102044.dwg
2014-04-30 06:29 - 2014-04-30 06:29 - 02484491 _____ () C:\Users\Les\Downloads\6 V Groove 102311_102316.dwg
2014-04-28 20:53 - 2014-04-28 20:53 - 00264010 _____ () C:\Users\Les\Downloads\Outside Corner 102305.dwg
2014-04-28 20:50 - 2014-04-28 20:50 - 00266323 _____ () C:\Users\Les\Downloads\Inside Corner 102324.dwg
2014-04-28 20:48 - 2014-04-28 20:48 - 02095955 _____ () C:\Users\Les\Downloads\J Track 102000_102280.dwg
2014-04-28 20:37 - 2014-04-28 20:37 - 02489957 _____ () C:\Users\Les\Downloads\6 Channel 101973_102247.dwg
2014-04-28 20:28 - 2014-04-28 20:28 - 02553842 _____ () C:\Users\Les\Downloads\2.5 vented V Groove 101957 non 102304.dwg
2014-04-28 20:27 - 2014-04-28 20:27 - 02475517 _____ () C:\Users\Les\Downloads\4 V Groove 101802_102249.dwg
2014-04-25 08:21 - 2014-04-25 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-18 01:07 - 2014-04-18 01:07 - 875502464 _____ () C:\Windows\MEMORY.DMP
2014-04-18 01:07 - 2014-04-18 01:07 - 00274688 _____ () C:\Windows\Minidump\041814-57579-01.dmp
2014-04-18 01:07 - 2014-04-18 01:07 - 00000000 ____D () C:\Windows\Minidump
2014-04-17 03:00 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-17 03:00 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-17 03:00 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-17 03:00 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-17 03:00 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-17 03:00 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-17 03:00 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-17 03:00 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-17 03:00 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-17 03:00 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-17 03:00 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-17 03:00 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-17 03:00 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-17 03:00 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-17 03:00 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-17 03:00 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-17 03:00 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-17 03:00 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-17 03:00 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-17 03:00 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-17 03:00 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-17 03:00 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-17 03:00 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-17 03:00 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-17 03:00 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-17 03:00 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-17 03:00 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-17 03:00 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-17 03:00 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-17 03:00 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-17 03:00 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-17 03:00 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-17 03:00 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-17 03:00 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-17 03:00 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-17 03:00 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-17 03:00 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-17 03:00 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-17 03:00 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-17 03:00 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-17 03:00 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-17 03:00 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-17 03:00 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-17 03:00 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-04-13 09:33 - 2014-05-05 10:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 09:33 - 2014-04-13 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 09:33 - 2014-04-13 09:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 09:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-13 09:33 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 03:48 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 03:48 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 03:48 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 03:48 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 03:48 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 03:48 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 03:48 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 03:48 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 03:48 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 03:48 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 03:48 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 03:48 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 03:48 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 03:48 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 03:48 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 03:48 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 03:48 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 15:59 - 2014-04-06 15:59 - 00000000 ____D () C:\Program Files (x86)\Tbccint

==================== One Month Modified Files and Folders =======

2014-05-05 11:40 - 2014-05-05 11:39 - 00036071 _____ () C:\Users\Les\Downloads\FRST.txt
2014-05-05 11:39 - 2014-05-05 11:39 - 02063872 _____ (Farbar) C:\Users\Les\Downloads\FRST64.exe
2014-05-05 11:39 - 2014-05-05 11:39 - 00000000 ____D () C:\FRST
2014-05-05 11:30 - 2010-08-15 17:24 - 00001778 _____ () C:\Windows\ODBC.INI
2014-05-05 11:29 - 2010-08-10 22:00 - 01511939 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 11:17 - 2013-04-09 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 11:09 - 2010-10-15 06:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-05 11:06 - 2010-08-12 22:19 - 00000000 ____D () C:\Users\Les\AppData\Local\Adobe
2014-05-05 11:03 - 2012-03-13 12:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 10:52 - 2014-04-13 09:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 10:41 - 2014-05-05 10:41 - 00000000 __SHD () C:\Users\Les\AppData\Local\EmieUserList
2014-05-05 10:41 - 2014-05-05 10:41 - 00000000 __SHD () C:\Users\Les\AppData\Local\EmieSiteList
2014-05-05 10:39 - 2011-08-14 12:40 - 00000000 ____D () C:\ProgramData\Google
2014-05-05 10:37 - 2013-12-11 04:02 - 00008458 _____ () C:\Windows\IE11_main.log
2014-05-05 10:36 - 2014-05-05 10:36 - 02077392 _____ (Microsoft Corporation) C:\Users\Les\Downloads\IE11-Windows6.1.exe
2014-05-05 10:06 - 2014-05-05 10:06 - 29024616 _____ (Mozilla) C:\Users\Les\Downloads\Firefox Setup 29.0.exe
2014-05-05 10:05 - 2014-05-05 10:05 - 35610809 _____ () C:\Users\Les\Downloads\firefox-29.0.tar.bz2
2014-05-05 10:05 - 2009-07-13 21:45 - 00027232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 10:05 - 2009-07-13 21:45 - 00027232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 10:04 - 2014-05-05 10:03 - 83636592 _____ (Trimble Navigation Limited) C:\Users\Les\Downloads\SketchUpMake-en.exe
2014-05-05 10:00 - 2011-02-28 08:14 - 00251086 _____ () C:\Windows\AutoKMS.log
2014-05-05 10:00 - 2011-02-26 00:48 - 00003470 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-05 09:59 - 2013-05-09 16:52 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Dropbox
2014-05-05 09:59 - 2013-04-14 14:16 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-05-05 09:59 - 2010-08-12 20:41 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-05-05 09:58 - 2013-06-21 07:31 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-05-05 09:57 - 2014-05-05 09:57 - 00003358 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-05-05 09:57 - 2013-06-26 08:42 - 00000380 _____ () C:\Windows\Tasks\Show Lyrics Update.job
2014-05-05 09:57 - 2012-12-28 11:51 - 00000358 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{36F40E78-E9EE-4BFE-826B-6E761F9D18FE}.job
2014-05-05 09:57 - 2012-11-19 09:39 - 00029884 _____ () C:\Windows\error.log
2014-05-05 09:57 - 2012-03-13 12:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-05 09:57 - 2010-08-12 20:40 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-05 09:56 - 2013-03-06 18:11 - 00015330 _____ () C:\Windows\setupact.log
2014-05-05 09:56 - 2012-11-19 09:39 - 00008093 _____ () C:\Windows\errord.log
2014-05-05 09:56 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 23:47 - 2011-02-26 00:47 - 00000196 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-05-04 08:56 - 2010-11-15 16:05 - 00000000 ____D () C:\Hatch
2014-05-03 16:41 - 2014-05-03 16:41 - 01376768 _____ () C:\Users\Les\Downloads\7z920-x64.msi
2014-05-03 16:40 - 2014-05-03 16:39 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(4).exe
2014-05-03 16:36 - 2014-05-03 16:36 - 10319536 _____ () C:\Users\Les\Desktop\Win 7 Activation.rar
2014-05-03 16:36 - 2014-05-03 16:36 - 00002560 _____ () C:\Users\Les\AppData\Roaming\svchest.exe
2014-05-03 16:36 - 2014-05-03 16:33 - 00000000 ____D () C:\Program Files (x86)\TornTV.com
2014-05-03 16:36 - 2013-03-06 10:00 - 00000000 ____D () C:\Users\Les\AppData\Local\SwvUpdater
2014-05-03 16:34 - 2014-05-03 16:34 - 00288032 _____ (SoftSafe) C:\Users\Les\Downloads\Autodesk AutoCAD Architecture v2013 (64 Bit) - Cool Release.exe
2014-05-03 16:34 - 2014-05-03 16:23 - 00000000 ____D () C:\Users\Les\AppData\Local\Smartbar
2014-05-03 16:34 - 2013-06-26 08:42 - 00000000 ____D () C:\Program Files (x86)\Show-Lyrics
2014-05-03 16:33 - 2014-05-03 16:33 - 00000348 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-05-03 16:33 - 2012-12-28 11:50 - 00000000 ____D () C:\ProgramData\Zoomex
2014-05-03 16:32 - 2014-05-03 16:23 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-03 16:03 - 2014-05-03 16:03 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(3).exe
2014-05-03 16:03 - 2013-06-21 08:34 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-03 16:01 - 2014-05-03 16:01 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(2).exe
2014-05-03 16:00 - 2014-05-03 16:00 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180(1).exe
2014-05-03 15:59 - 2014-05-03 15:59 - 00820840 _____ ( ) C:\Users\Les\Downloads\winzip180.exe
2014-05-03 03:19 - 2013-02-19 14:04 - 00000000 ____D () C:\Users\Les\AppData\Local\TSVNCache
2014-05-02 09:12 - 2014-03-29 00:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 06:29 - 2010-10-04 08:50 - 00000000 ____D () C:\Users\Les\AppData\Roaming\PrimoPDF
2014-05-01 06:10 - 2013-07-11 12:30 - 00000000 ____D () C:\Users\DefaultAppPool
2014-04-30 11:37 - 2014-04-30 11:37 - 00411090 _____ () C:\Users\Les\Downloads\4844-023_DWG.zip
2014-04-30 06:39 - 2014-04-30 06:39 - 00270292 _____ () C:\Users\Les\Downloads\Wide Starter Strip 102044.dwg
2014-04-30 06:29 - 2014-04-30 06:29 - 02484491 _____ () C:\Users\Les\Downloads\6 V Groove 102311_102316.dwg
2014-04-29 14:57 - 2010-08-12 21:11 - 00588782 _____ () C:\Windows\PFRO.log
2014-04-29 14:56 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\Setup
2014-04-29 07:01 - 2014-05-03 03:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 06:40 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 05:48 - 2014-05-03 03:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 05:34 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 22:17 - 2013-04-09 15:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 22:17 - 2012-05-08 13:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 22:17 - 2011-11-16 08:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 20:53 - 2014-04-28 20:53 - 00264010 _____ () C:\Users\Les\Downloads\Outside Corner 102305.dwg
2014-04-28 20:50 - 2014-04-28 20:50 - 00266323 _____ () C:\Users\Les\Downloads\Inside Corner 102324.dwg
2014-04-28 20:48 - 2014-04-28 20:48 - 02095955 _____ () C:\Users\Les\Downloads\J Track 102000_102280.dwg
2014-04-28 20:37 - 2014-04-28 20:37 - 02489957 _____ () C:\Users\Les\Downloads\6 Channel 101973_102247.dwg
2014-04-28 20:28 - 2014-04-28 20:28 - 02553842 _____ () C:\Users\Les\Downloads\2.5 vented V Groove 101957 non 102304.dwg
2014-04-28 20:27 - 2014-04-28 20:27 - 02475517 _____ () C:\Users\Les\Downloads\4 V Groove 101802_102249.dwg
2014-04-25 08:21 - 2014-04-25 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-23 06:17 - 2009-07-13 19:34 - 00450166 ____R () C:\Windows\system32\Drivers\etc\hosts.20140430-054724.backup
2014-04-22 21:00 - 2014-01-16 20:32 - 00000000 ____D () C:\Users\Les\AppData\Roaming\SQLyog
2014-04-18 01:07 - 2014-04-18 01:07 - 875502464 _____ () C:\Windows\MEMORY.DMP
2014-04-18 01:07 - 2014-04-18 01:07 - 00274688 _____ () C:\Windows\Minidump\041814-57579-01.dmp
2014-04-18 01:07 - 2014-04-18 01:07 - 00000000 ____D () C:\Windows\Minidump
2014-04-17 04:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-17 03:27 - 2009-07-13 22:13 - 00824646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 06:06 - 2009-07-13 19:34 - 00450166 ____R () C:\Windows\system32\Drivers\etc\hosts.20140423-061734.backup
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-04-13 09:33 - 2014-04-13 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 09:33 - 2014-04-13 09:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 09:33 - 2013-01-13 14:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 09:33 - 2013-01-13 14:37 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Malwarebytes
2014-04-13 09:33 - 2013-01-13 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 14:11 - 2011-11-10 09:14 - 00000000 ____D () C:\Program Files (x86)\XfireXO
2014-04-10 03:23 - 2009-07-13 21:45 - 05095560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 03:04 - 2010-08-12 21:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:03 - 2013-07-19 03:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:01 - 2010-08-17 09:09 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 06:19 - 2009-07-13 19:34 - 00450166 ____R () C:\Windows\system32\Drivers\etc\hosts.20140416-060641.backup
2014-04-08 01:07 - 2012-10-18 10:06 - 00000000 ____D () C:\ProgramData\AVG2013
2014-04-06 15:59 - 2014-04-06 15:59 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2014-04-06 15:59 - 2011-11-10 09:14 - 00000000 ____D () C:\Users\Les\AppData\Local\Conduit

Some content of TEMP:
====================
C:\Users\Les\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\Les\AppData\Local\Temp\AcDeltree.exe
C:\Users\Les\AppData\Local\Temp\AskSLib.dll
C:\Users\Les\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Les\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Les\AppData\Local\Temp\htmlayout.dll
C:\Users\Les\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Les\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Les\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Les\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Les\AppData\Local\Temp\nsi6F5D.exe
C:\Users\Les\AppData\Local\Temp\nsjCC3C.exe
C:\Users\Les\AppData\Local\Temp\nsjD969.exe
C:\Users\Les\AppData\Local\Temp\nstD37F.exe
C:\Users\Les\AppData\Local\Temp\oi_{50E84E64-FC76-4AEF-8283-B3077BA7983D}.exe
C:\Users\Les\AppData\Local\Temp\ose00000.exe
C:\Users\Les\AppData\Local\Temp\setup.exe
C:\Users\Les\AppData\Local\Temp\SPSetup.exe
C:\Users\Les\AppData\Local\Temp\SPStub.exe
C:\Users\Les\AppData\Local\Temp\tbKeyB.dll
C:\Users\Les\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Les\AppData\Local\Temp\uninst1.exe
C:\Users\Les\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Les\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Les\AppData\Local\Temp\_isD189.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 00:47

==================== End Of Log ============================

 

Here is my System Info:

SystemInfo_zpsd1d52837.jpg



Edited by hamluis, 05 May 2014 - 09:13 PM.
Pasted FRST log data into topic, moved from Win 7 to MRL - Hamluis.



 


#2 tank130


Posted 05 May 2014 - 09:19 PM

I did as you have instructed but I am not sure of the result. The window closed when it was 100% complete. Something showed up, but I could not read it fast enough. How do you keep that window open?



#3 tank130


Posted 05 May 2014 - 09:32 PM

OK, figured it out. Here's the report

 

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 PM

Posted 10 May 2014 - 07:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533401 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:17 PM

Posted 12 May 2014 - 07:58 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




