Random Audio Ads, Multiple IExplore.exe


  • This topic is locked
27 replies to this topic

#1 Pinwheel


Posted 24 May 2014 - 01:44 PM

Hello,

I think I had the Random Audio Ads virus, thought I took care of it using the steps on this site (Kaspersky TDSSKiller, RKill, Malwarebytes Anti-Malware quick and full scans, RogueKiller, Emsisoft Emergency Kit, AdwCleaner, Junkware Removal Tool):

http://malwaretips.com/blogs/remove-random-audio-ads-virus/

I later think I got the multiple Iexplore.exe virus, and think I got that fixed, using all the programs recommended on the link above.

On 2 Malwarebytes Anti-Malware scans it looked like I had Trojan Ransom viruses listed, that I thought were cleaned.

It looks (or should I say sounds) like I have Random Audio Ads again.

Is there anything more I can do?

Thank You.

Pinwheel




#2 gringo_pr

  • Malware Response Team

Posted 25 May 2014 - 12:47 PM




Hello Pinwheel


I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.





I would also like to get some extra information on one of the files on the computer

Run FRST like you did before and type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Pinwheel

  • Topic Starter

Posted 26 May 2014 - 08:58 PM

Hello Gringo, thank you for the quick response. Here are my logs:

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike Dobkin (administrator) on MIKEDOBKIN-PC on 26-05-2014 21:39:41
Running from C:\Users\Mike Dobkin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcagent_exe] => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [634880 2011-12-20] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Bing Bar] => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe"
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\.DEFAULT\...\Run: [explheme] => C:\Windows\system32\maketend.exe
HKU\.DEFAULT\...\Run: [20dab4] => C:\20dab47\20dab47.exe [194560 2014-05-21] (jiiSoft)
HKU\.DEFAULT\...\Run: [20dab47] => C:\Windows\system32\config\systemprofile\AppData\Roaming\20dab47.exe
HKU\.DEFAULT\...\Run: [explCERT] => C:\Windows\system32\makeocom.exe
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {1502b506-22c6-11e2-bf23-0026b916417b} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {247488cc-adea-11e0-b730-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {a4ca5fed-f22a-11de-b249-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {b26ac49d-3e75-11e3-973e-0026b916417b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {c4d8bbd8-bf23-11e1-af85-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Mike Dobkin\AppData\Roaming\srxyvrc\stqitxw\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:49529;https=127.0.0.1:49529
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F6114AF5-9782-48EF-895B-9D14041578CA} URL = 
BHO: Savings Hen BHO - {1564A235-9C55-4C1F-8CE4-B30B77C0B99A} - C:\Program Files (x86)\Savings Hen\FrameworkBHO64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {0347C33E-8762-4905-BF09-768834316C61} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -  No File
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstFred.ocx
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcPreview.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Google Search) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Gmail) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; D:\MY DOCUMENTS\RANDOM AUDIO FIX\RUN\a2ddax64.sys [26176 2014-05-21] (Emsisoft GmbH)
S2 CDAVFS; C:\Windows\SysWOW64\DRIVERS\CDAVFS.sys [67424 2010-01-31] (CyberDefender Corp.)
S3 cleanhlp; D:\My Documents\Random Audio Fix\Run\cleanhlp64.sys [57024 2014-05-21] (Emsisoft GmbH)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-26 21:39 - 2014-05-26 21:40 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:38 - 2014-05-26 21:39 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-22 22:08 - 2014-05-24 13:47 - 00000000 ____D () C:\AdwCleaner
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:21 - 2014-05-20 22:23 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:07 - 2014-05-20 22:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-21 06:01 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:00 - 2014-05-22 19:19 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-20 22:00 - 2014-05-20 22:08 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 21:59 - 2014-05-20 22:00 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:44 - 2014-05-21 22:50 - 00000000 ___HD () C:\20dab47
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:11 - 2014-05-23 19:24 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:51 - 2014-05-21 23:03 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-17 09:32 - 2014-05-26 21:31 - 00001344 _____ () C:\Windows\setupact.log
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:31 - 2014-05-24 13:48 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-16 19:25 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 19:25 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 19:25 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 19:25 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 19:19 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 19:19 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 19:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 19:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 19:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 19:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 19:19 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 19:19 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 19:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 19:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 19:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 22:35 - 2014-05-16 19:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 21:09 - 2014-05-05 21:10 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:07 - 2014-05-05 21:08 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:23 - 2014-05-02 00:24 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:45 - 2014-03-09 21:59 - 00002348 _____ () C:\Users\Mike Dobkin\Desktop\Dobkin-RDP.RDP
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
 
==================== One Month Modified Files and Folders =======
 
2014-05-26 21:40 - 2014-05-26 21:39 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:40 - 2014-03-15 12:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:39 - 2014-05-26 21:38 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-26 21:39 - 2012-07-15 17:49 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Skype
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:36 - 2010-01-29 03:44 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Adobe
2014-05-26 21:35 - 2012-04-29 23:25 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Htc
2014-05-26 21:32 - 2014-03-15 12:37 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 21:31 - 2014-05-17 09:32 - 00001344 _____ () C:\Windows\setupact.log
2014-05-26 21:31 - 2010-01-31 16:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-26 21:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 17:12 - 2012-03-29 10:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Dropbox
2014-05-24 17:11 - 2014-01-01 19:22 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\DropboxMaster
2014-05-24 17:08 - 2014-03-15 12:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 16:51 - 2009-07-14 01:10 - 01863013 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 14:40 - 2012-03-29 10:38 - 00001044 _____ () C:\Users\Mike Dobkin\Desktop\Dropbox.lnk
2014-05-24 14:40 - 2012-03-29 10:37 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:40 - 2010-01-27 21:47 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-24 13:48 - 2014-05-17 09:31 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-24 13:47 - 2014-05-22 22:08 - 00000000 ____D () C:\AdwCleaner
2014-05-23 19:24 - 2014-05-20 21:11 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-22 19:22 - 2011-05-25 20:05 - 00002704 _____ () C:\Users\Mike Dobkin\Documents\My Documents.lnk
2014-05-22 19:19 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-21 23:03 - 2014-05-20 20:51 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:50 - 2014-05-20 21:44 - 00000000 ___HD () C:\20dab47
2014-05-21 22:50 - 2014-04-18 22:54 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-21 22:50 - 2010-08-21 16:28 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-21 06:01 - 2014-05-20 22:02 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:23 - 2014-05-20 22:21 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:08 - 2014-05-20 22:07 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:08 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-20 22:00 - 2014-05-20 21:59 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 22:00 - 2014-02-05 23:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 22:00 - 2010-07-14 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-20 22:00 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Sonic
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:59 - 2010-12-07 00:11 - 00000000 ____D () C:\ProgramData\HP
2014-05-20 21:59 - 2010-08-21 23:59 - 00000000 ____D () C:\ProgramData\McNeel
2014-05-20 21:59 - 2010-07-14 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 21:59 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Macrovision
2014-05-20 21:59 - 2009-12-26 09:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-20 21:57 - 2014-02-05 23:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-20 21:57 - 2012-09-18 17:32 - 00000280 _____ () C:\ProgramData\defraggler_list.txt
2014-05-20 21:57 - 2010-08-29 20:35 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-20 21:57 - 2010-02-26 02:22 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-20 21:57 - 2009-12-26 08:37 - 00000000 ____D () C:\ProgramData\Dell
2014-05-20 21:46 - 2010-05-14 16:05 - 00000000 ____D () C:\ProgramData\AIM Toolbar
2014-05-20 21:46 - 2009-12-26 08:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:30 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuser.log
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:59 - 2014-03-14 22:25 - 00018139 _____ () C:\CybDefInstallInfo.log
2014-05-20 20:59 - 2014-03-14 22:25 - 00000113 _____ () C:\CybDefWebInstaller.log
2014-05-20 20:59 - 2009-07-13 22:34 - 00000666 _____ () C:\Windows\win.ini
2014-05-20 20:48 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuserBackup.log
2014-05-20 20:41 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-19 20:58 - 2014-01-25 14:21 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 20:51 - 2009-07-14 01:13 - 00776000 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 19:42 - 2014-03-15 12:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 19:41 - 2014-03-15 12:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:41 - 2014-03-15 12:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 19:39 - 2010-01-27 21:51 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:35 - 2014-05-05 22:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 19:25 - 2014-03-15 12:37 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 19:24 - 2013-07-20 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 19:21 - 2010-01-29 23:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-09 02:14 - 2014-05-16 19:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-16 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 22:49 - 2013-01-04 11:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-07 22:18 - 2010-09-09 06:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\ZoomBrowser EX
2014-05-07 22:09 - 2010-06-22 02:02 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-05-07 22:01 - 2014-03-15 12:37 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:01 - 2014-03-15 12:37 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-06 17:26 - 2010-02-12 00:38 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CutePDF Writer
2014-05-06 00:40 - 2014-05-16 19:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-16 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-16 19:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-16 19:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:10 - 2014-05-05 21:09 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:08 - 2014-05-05 21:07 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:24 - 2014-05-02 00:23 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
2014-04-26 13:42 - 2011-11-10 23:50 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Akamai
2014-04-26 13:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\Users\Mike Dobkin\taskmgr.exe
 
 
Some content of TEMP:
====================
C:\Users\Mike Dobkin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nscDC24.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9189.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9754.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsrE078.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\speedmax_4507.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite68664.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite77278.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\updater_135618.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\~cdiss03.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) 91F24E9FB8D7F38A211FDB676ABAF96F
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 20:51
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike Dobkin (administrator) on MIKEDOBKIN-PC on 26-05-2014 21:39:41
Running from C:\Users\Mike Dobkin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcagent_exe] => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [634880 2011-12-20] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Bing Bar] => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe"
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\.DEFAULT\...\Run: [explheme] => C:\Windows\system32\maketend.exe
HKU\.DEFAULT\...\Run: [20dab4] => C:\20dab47\20dab47.exe [194560 2014-05-21] (jiiSoft)
HKU\.DEFAULT\...\Run: [20dab47] => C:\Windows\system32\config\systemprofile\AppData\Roaming\20dab47.exe
HKU\.DEFAULT\...\Run: [explCERT] => C:\Windows\system32\makeocom.exe
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {1502b506-22c6-11e2-bf23-0026b916417b} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {247488cc-adea-11e0-b730-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {a4ca5fed-f22a-11de-b249-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {b26ac49d-3e75-11e3-973e-0026b916417b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {c4d8bbd8-bf23-11e1-af85-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Mike Dobkin\AppData\Roaming\srxyvrc\stqitxw\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:49529;https=127.0.0.1:49529
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F6114AF5-9782-48EF-895B-9D14041578CA} URL = 
BHO: Savings Hen BHO - {1564A235-9C55-4C1F-8CE4-B30B77C0B99A} - C:\Program Files (x86)\Savings Hen\FrameworkBHO64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {0347C33E-8762-4905-BF09-768834316C61} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -  No File
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstFred.ocx
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcPreview.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Google Search) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Gmail) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; D:\MY DOCUMENTS\RANDOM AUDIO FIX\RUN\a2ddax64.sys [26176 2014-05-21] (Emsisoft GmbH)
S2 CDAVFS; C:\Windows\SysWOW64\DRIVERS\CDAVFS.sys [67424 2010-01-31] (CyberDefender Corp.)
S3 cleanhlp; D:\My Documents\Random Audio Fix\Run\cleanhlp64.sys [57024 2014-05-21] (Emsisoft GmbH)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-26 21:39 - 2014-05-26 21:40 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:38 - 2014-05-26 21:39 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-22 22:08 - 2014-05-24 13:47 - 00000000 ____D () C:\AdwCleaner
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:21 - 2014-05-20 22:23 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:07 - 2014-05-20 22:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-21 06:01 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:00 - 2014-05-22 19:19 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-20 22:00 - 2014-05-20 22:08 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 21:59 - 2014-05-20 22:00 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:44 - 2014-05-21 22:50 - 00000000 ___HD () C:\20dab47
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:11 - 2014-05-23 19:24 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:51 - 2014-05-21 23:03 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-17 09:32 - 2014-05-26 21:31 - 00001344 _____ () C:\Windows\setupact.log
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:31 - 2014-05-24 13:48 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-16 19:25 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 19:25 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 19:25 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 19:25 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 19:19 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 19:19 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 19:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 19:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 19:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 19:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 19:19 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 19:19 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 19:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 19:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 19:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 22:35 - 2014-05-16 19:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 21:09 - 2014-05-05 21:10 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:07 - 2014-05-05 21:08 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:23 - 2014-05-02 00:24 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:45 - 2014-03-09 21:59 - 00002348 _____ () C:\Users\Mike Dobkin\Desktop\Dobkin-RDP.RDP
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
 
==================== One Month Modified Files and Folders =======
 
2014-05-26 21:40 - 2014-05-26 21:39 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:40 - 2014-03-15 12:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:39 - 2014-05-26 21:38 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-26 21:39 - 2012-07-15 17:49 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Skype
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:36 - 2010-01-29 03:44 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Adobe
2014-05-26 21:35 - 2012-04-29 23:25 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Htc
2014-05-26 21:32 - 2014-03-15 12:37 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 21:31 - 2014-05-17 09:32 - 00001344 _____ () C:\Windows\setupact.log
2014-05-26 21:31 - 2010-01-31 16:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-26 21:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 17:12 - 2012-03-29 10:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Dropbox
2014-05-24 17:11 - 2014-01-01 19:22 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\DropboxMaster
2014-05-24 17:08 - 2014-03-15 12:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 16:51 - 2009-07-14 01:10 - 01863013 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 14:40 - 2012-03-29 10:38 - 00001044 _____ () C:\Users\Mike Dobkin\Desktop\Dropbox.lnk
2014-05-24 14:40 - 2012-03-29 10:37 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:40 - 2010-01-27 21:47 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-24 13:48 - 2014-05-17 09:31 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-24 13:47 - 2014-05-22 22:08 - 00000000 ____D () C:\AdwCleaner
2014-05-23 19:24 - 2014-05-20 21:11 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-22 19:22 - 2011-05-25 20:05 - 00002704 _____ () C:\Users\Mike Dobkin\Documents\My Documents.lnk
2014-05-22 19:19 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-21 23:03 - 2014-05-20 20:51 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:50 - 2014-05-20 21:44 - 00000000 ___HD () C:\20dab47
2014-05-21 22:50 - 2014-04-18 22:54 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-21 22:50 - 2010-08-21 16:28 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-21 06:01 - 2014-05-20 22:02 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:23 - 2014-05-20 22:21 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:08 - 2014-05-20 22:07 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:08 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-20 22:00 - 2014-05-20 21:59 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 22:00 - 2014-02-05 23:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 22:00 - 2010-07-14 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-20 22:00 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Sonic
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:59 - 2010-12-07 00:11 - 00000000 ____D () C:\ProgramData\HP
2014-05-20 21:59 - 2010-08-21 23:59 - 00000000 ____D () C:\ProgramData\McNeel
2014-05-20 21:59 - 2010-07-14 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 21:59 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Macrovision
2014-05-20 21:59 - 2009-12-26 09:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-20 21:57 - 2014-02-05 23:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-20 21:57 - 2012-09-18 17:32 - 00000280 _____ () C:\ProgramData\defraggler_list.txt
2014-05-20 21:57 - 2010-08-29 20:35 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-20 21:57 - 2010-02-26 02:22 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-20 21:57 - 2009-12-26 08:37 - 00000000 ____D () C:\ProgramData\Dell
2014-05-20 21:46 - 2010-05-14 16:05 - 00000000 ____D () C:\ProgramData\AIM Toolbar
2014-05-20 21:46 - 2009-12-26 08:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:30 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuser.log
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:59 - 2014-03-14 22:25 - 00018139 _____ () C:\CybDefInstallInfo.log
2014-05-20 20:59 - 2014-03-14 22:25 - 00000113 _____ () C:\CybDefWebInstaller.log
2014-05-20 20:59 - 2009-07-13 22:34 - 00000666 _____ () C:\Windows\win.ini
2014-05-20 20:48 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuserBackup.log
2014-05-20 20:41 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-19 20:58 - 2014-01-25 14:21 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 20:51 - 2009-07-14 01:13 - 00776000 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 19:42 - 2014-03-15 12:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 19:41 - 2014-03-15 12:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:41 - 2014-03-15 12:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 19:39 - 2010-01-27 21:51 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:35 - 2014-05-05 22:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 19:25 - 2014-03-15 12:37 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 19:24 - 2013-07-20 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 19:21 - 2010-01-29 23:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-09 02:14 - 2014-05-16 19:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-16 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 22:49 - 2013-01-04 11:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-07 22:18 - 2010-09-09 06:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\ZoomBrowser EX
2014-05-07 22:09 - 2010-06-22 02:02 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-05-07 22:01 - 2014-03-15 12:37 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:01 - 2014-03-15 12:37 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-06 17:26 - 2010-02-12 00:38 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CutePDF Writer
2014-05-06 00:40 - 2014-05-16 19:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-16 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-16 19:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-16 19:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:10 - 2014-05-05 21:09 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:08 - 2014-05-05 21:07 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:24 - 2014-05-02 00:23 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
2014-04-26 13:42 - 2011-11-10 23:50 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Akamai
2014-04-26 13:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\Users\Mike Dobkin\taskmgr.exe
 
 
Some content of TEMP:
====================
C:\Users\Mike Dobkin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nscDC24.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9189.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9754.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsrE078.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\speedmax_4507.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite68664.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite77278.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\updater_135618.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\~cdiss03.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) 91F24E9FB8D7F38A211FDB676ABAF96F
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 20:51
 
==================== End Of Log ============================
 
 
ADDITION.TEXT
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Mike Dobkin at 2014-05-26 21:40:43
Running from C:\Users\Mike Dobkin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1310 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7 Wonders II (HKLM-x32\...\exent_586350) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.0.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIM Toolbar (HKLM-x32\...\AIM Toolbar) (Version:  - )
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.4.2.0 - Auslogics Labs Pty Ltd)
Autodesk Architectural Desktop 3.3 (HKLM-x32\...\{5783F2D7-0134-0409-0000-0060B0CE6BBA}) (Version: 15.6.030.376 - Autodesk)
Autodesk Backburner 2008.1 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1.1 - Autodesk, Inc.)
Autodesk Download Manager (HKLM-x32\...\{CCA78313-443C-4674-81B8-88919D137258}) (Version: 2.0.2.0 - Autodesk, Inc.)
Autodesk Revit 2013 (HKLM\...\Autodesk Revit 2013) (Version: 12.02.21203 - Autodesk)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco AnyConnect VPN Client (HKLM-x32\...\{6005535D-8A83-4108-A757-E1AB9886AECA}) (Version: 2.3.0254 - Cisco Systems, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberDefender Early Detection Center (HKLM-x32\...\{AC5352DA-F4F2-4A59-A1BF-41546342746B}) (Version: 6.01.25.01 - CyberDefender Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.05 - Piriform)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.303 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google SketchUp Pro 7 (HKLM-x32\...\{E1C256F5-58C6-44E9-939A-E1189C8126E2}) (Version: 2.0.10247 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (x32 Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grasshopper (HKLM-x32\...\Grasshopper) (Version:  - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.018 - HTC Corporation)
HTC Sync (HKLM-x32\...\{7A3FFA58-876F-489C-B6CF-0503916224DF}) (Version: 3.0.5617 - HTC Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karamba (32bit) (HKLM-x32\...\{FBE63977-19A9-44F5-9BEB-F1ADA76C539E}) (Version: 1.0.2 - Clemens Preisinger)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Maxwell for Rhino x86 (HKLM-x32\...\{3439D337-3F7F-48CA-8965-6819B9F2FD28}) (Version: 2.6.0 - Next Limit Technologies)
Maxwell Shell Extension (x64) (HKLM\...\{A7D9775A-2F07-413A-B312-3464B3CB79CD}) (Version: 2.6.0 - Next Limit Technologies)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pepakura Designer 3 (HKLM-x32\...\pepakura_designer3en) (Version:  - TamaSoftware)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QualXServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
Revit 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Savings Hen (HKLM-x32\...\38959_Savings Hen) (Version: 1.0 - Smart Apps) <==== ATTENTION
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
SketchUp 2013 (HKLM-x32\...\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}) (Version: 13.0.3689 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.2.1 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{319951E8-E272-4F02-A752-DD6FCD7D4519}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9680B76D-042F-4FF2-BD87-6E859531452D}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Weaverbird (HKLM-x32\...\{CEB756FF-E49E-48E4-8D40-4DB6DD3FFE6E}) (Version: 0.5.16.0 - Piacentino Architecture)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2014-02-05 21:56 - 2014-05-20 22:02 - 00000902 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
54.221.22.25 epcaecmamppaanbcebonhemckaapciho
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {4B229C52-7D7C-4ADA-B0FE-F0666752DEDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {4B79CF49-C498-49EA-8A34-186E93F23D05} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {5113BB53-F18F-45DB-9307-E3BC773DB6C8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {682672DF-2548-4570-B522-546D6C00C71C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {6ADE3DE2-82C4-4D55-83F5-D6C8789E38AB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {6B7CF5D3-13A8-4696-BD5D-4B89A120DA59} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-12-20] ()
Task: {6E48162D-0F98-487A-9920-673C08B0CE95} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7C53B96D-1890-4263-89AB-56AB5023203C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {875202BA-8CDE-43FB-9472-A69B2B1C5470} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {9FBC52F0-4F12-4DE2-9C98-214461D2DBC0} - System32\Tasks\AdobeAAMUpdater-1.0-MikeDobkin-PC-Mike Dobkin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A2430D4C-B350-4937-9579-2D2EE819B6D8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {A544110A-1ECC-481F-9ADA-A741B020FF36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {A5B1BB65-F0B1-4A6E-8129-4C79175FEA4E} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
Task: {A7A5C550-5109-4FF8-BF6E-B21ED23BD509} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {AF2ADB7A-529F-4236-9885-F4031F31C821} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {BB2300E4-44C0-46FE-A9E0-B1E550DCA6A7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-12-26 08:37 - 2009-07-16 20:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2009-12-26 08:37 - 2009-07-16 20:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-01-30 13:13 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-12-20 13:32 - 2011-12-20 13:32 - 00634880 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2009-10-15 05:10 - 2009-10-15 05:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-07-07 12:23 - 2009-07-07 12:23 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-05-26 21:36 - 2014-05-26 21:36 - 00043008 _____ () C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\libcef.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00143360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2009-07-07 12:24 - 2009-07-07 12:24 - 00268528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-07-07 12:23 - 2009-07-07 12:23 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-07-07 12:24 - 2009-07-07 12:24 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-07-07 12:24 - 2009-07-07 12:24 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-07-07 12:23 - 2009-07-07 12:23 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13159538.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13159538.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: hp color LaserJet 5550
Description: hp color LaserJet 5550
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HP LaserJet 300 colorMFP M375nw
Description: HP LaserJet 300 colorMFP M375nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet CP1525nw
Description: HP LaserJet CP1525nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4100 Series
Description: HP LaserJet 4100 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/26/2014 09:40:33 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/26/2014 09:35:57 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()
 
Error: (05/26/2014 09:34:56 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/26/2014 09:34:41 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Bing Bar -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.
 
Error: (05/26/2014 09:34:40 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Bing Bar -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.
 
Error: (05/26/2014 09:32:31 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/26/2014 09:31:41 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/24/2014 05:29:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Microsoft_VC80_CRT_x86 -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.
 
Error: (05/24/2014 05:29:15 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Microsoft_VC80_CRT_x86 -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.
 
Error: (05/24/2014 05:29:14 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Microsoft_VC80_CRT_x86 -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.
 
 
System errors:
=============
Error: (05/26/2014 09:38:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (05/26/2014 09:31:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error: 
%%3
 
Error: (05/26/2014 09:31:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CDAVFS service failed to start due to the following error: 
%%1275
 
Error: (05/26/2014 09:31:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\CDAVFS.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/24/2014 05:11:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (05/24/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error: 
%%3
 
Error: (05/24/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (05/24/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (05/24/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (05/24/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2011 05:42:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/16/2011 05:00:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 444 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-06-23 07:57:30.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 22:38:13.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 22:27:30.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 21:08:42.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:49:08.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:36:43.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:23:13.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:01:29.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 00:55:11.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 00:43:57.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 3892.54 MB
Available physical RAM: 2195.34 MB
Total Pagefile: 7783.27 MB
Available Pagefile: 5584.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:13.08 GB) NTFS
Drive d: () (Fixed) (Total:397.3 GB) (Free:106.1 GB) NTFS
Drive e: (Rhino 5.0) (CDROM) (Total:1.13 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E635605C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=397 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
SEARCH.TXT
 
Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Mike Dobkin at 2014-05-26 21:47:18
Running from C:\Users\Mike Dobkin\Downloads
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) 91F24E9FB8D7F38A211FDB676ABAF96F
 
====== End Of Search ======

Hello Gringo, thank you for the quick response. Here are my logs:

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike Dobkin (administrator) on MIKEDOBKIN-PC on 26-05-2014 21:39:41
Running from C:\Users\Mike Dobkin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcagent_exe] => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [634880 2011-12-20] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Bing Bar] => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe"
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\.DEFAULT\...\Run: [explheme] => C:\Windows\system32\maketend.exe
HKU\.DEFAULT\...\Run: [20dab4] => C:\20dab47\20dab47.exe [194560 2014-05-21] (jiiSoft)
HKU\.DEFAULT\...\Run: [20dab47] => C:\Windows\system32\config\systemprofile\AppData\Roaming\20dab47.exe
HKU\.DEFAULT\...\Run: [explCERT] => C:\Windows\system32\makeocom.exe
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {1502b506-22c6-11e2-bf23-0026b916417b} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {247488cc-adea-11e0-b730-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {a4ca5fed-f22a-11de-b249-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {b26ac49d-3e75-11e3-973e-0026b916417b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {c4d8bbd8-bf23-11e1-af85-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Mike Dobkin\AppData\Roaming\srxyvrc\stqitxw\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:49529;https=127.0.0.1:49529
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F6114AF5-9782-48EF-895B-9D14041578CA} URL = 
BHO: Savings Hen BHO - {1564A235-9C55-4C1F-8CE4-B30B77C0B99A} - C:\Program Files (x86)\Savings Hen\FrameworkBHO64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {0347C33E-8762-4905-BF09-768834316C61} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -  No File
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstFred.ocx
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcPreview.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Google Search) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Gmail) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; D:\MY DOCUMENTS\RANDOM AUDIO FIX\RUN\a2ddax64.sys [26176 2014-05-21] (Emsisoft GmbH)
S2 CDAVFS; C:\Windows\SysWOW64\DRIVERS\CDAVFS.sys [67424 2010-01-31] (CyberDefender Corp.)
S3 cleanhlp; D:\My Documents\Random Audio Fix\Run\cleanhlp64.sys [57024 2014-05-21] (Emsisoft GmbH)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-26 21:39 - 2014-05-26 21:40 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:38 - 2014-05-26 21:39 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-22 22:08 - 2014-05-24 13:47 - 00000000 ____D () C:\AdwCleaner
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:21 - 2014-05-20 22:23 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:07 - 2014-05-20 22:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-21 06:01 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:00 - 2014-05-22 19:19 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-20 22:00 - 2014-05-20 22:08 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 21:59 - 2014-05-20 22:00 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:44 - 2014-05-21 22:50 - 00000000 ___HD () C:\20dab47
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:11 - 2014-05-23 19:24 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:51 - 2014-05-21 23:03 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-17 09:32 - 2014-05-26 21:31 - 00001344 _____ () C:\Windows\setupact.log
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:31 - 2014-05-24 13:48 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-16 19:25 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 19:25 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 19:25 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 19:25 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 19:19 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 19:19 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 19:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 19:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 19:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 19:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 19:19 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 19:19 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 19:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 19:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 19:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 22:35 - 2014-05-16 19:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 21:09 - 2014-05-05 21:10 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:07 - 2014-05-05 21:08 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:23 - 2014-05-02 00:24 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:45 - 2014-03-09 21:59 - 00002348 _____ () C:\Users\Mike Dobkin\Desktop\Dobkin-RDP.RDP
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
 
==================== One Month Modified Files and Folders =======
 
2014-05-26 21:40 - 2014-05-26 21:39 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:40 - 2014-03-15 12:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:39 - 2014-05-26 21:38 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-26 21:39 - 2012-07-15 17:49 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Skype
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:36 - 2010-01-29 03:44 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Adobe
2014-05-26 21:35 - 2012-04-29 23:25 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Htc
2014-05-26 21:32 - 2014-03-15 12:37 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 21:31 - 2014-05-17 09:32 - 00001344 _____ () C:\Windows\setupact.log
2014-05-26 21:31 - 2010-01-31 16:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-26 21:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 17:12 - 2012-03-29 10:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Dropbox
2014-05-24 17:11 - 2014-01-01 19:22 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\DropboxMaster
2014-05-24 17:08 - 2014-03-15 12:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 16:51 - 2009-07-14 01:10 - 01863013 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 14:40 - 2012-03-29 10:38 - 00001044 _____ () C:\Users\Mike Dobkin\Desktop\Dropbox.lnk
2014-05-24 14:40 - 2012-03-29 10:37 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:40 - 2010-01-27 21:47 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-24 13:48 - 2014-05-17 09:31 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-24 13:47 - 2014-05-22 22:08 - 00000000 ____D () C:\AdwCleaner
2014-05-23 19:24 - 2014-05-20 21:11 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-22 19:22 - 2011-05-25 20:05 - 00002704 _____ () C:\Users\Mike Dobkin\Documents\My Documents.lnk
2014-05-22 19:19 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-21 23:03 - 2014-05-20 20:51 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:50 - 2014-05-20 21:44 - 00000000 ___HD () C:\20dab47
2014-05-21 22:50 - 2014-04-18 22:54 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-21 22:50 - 2010-08-21 16:28 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-21 06:01 - 2014-05-20 22:02 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:23 - 2014-05-20 22:21 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:08 - 2014-05-20 22:07 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:08 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-20 22:00 - 2014-05-20 21:59 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 22:00 - 2014-02-05 23:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 22:00 - 2010-07-14 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-20 22:00 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Sonic
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:59 - 2010-12-07 00:11 - 00000000 ____D () C:\ProgramData\HP
2014-05-20 21:59 - 2010-08-21 23:59 - 00000000 ____D () C:\ProgramData\McNeel
2014-05-20 21:59 - 2010-07-14 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 21:59 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Macrovision
2014-05-20 21:59 - 2009-12-26 09:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-20 21:57 - 2014-02-05 23:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-20 21:57 - 2012-09-18 17:32 - 00000280 _____ () C:\ProgramData\defraggler_list.txt
2014-05-20 21:57 - 2010-08-29 20:35 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-20 21:57 - 2010-02-26 02:22 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-20 21:57 - 2009-12-26 08:37 - 00000000 ____D () C:\ProgramData\Dell
2014-05-20 21:46 - 2010-05-14 16:05 - 00000000 ____D () C:\ProgramData\AIM Toolbar
2014-05-20 21:46 - 2009-12-26 08:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:30 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuser.log
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:59 - 2014-03-14 22:25 - 00018139 _____ () C:\CybDefInstallInfo.log
2014-05-20 20:59 - 2014-03-14 22:25 - 00000113 _____ () C:\CybDefWebInstaller.log
2014-05-20 20:59 - 2009-07-13 22:34 - 00000666 _____ () C:\Windows\win.ini
2014-05-20 20:48 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuserBackup.log
2014-05-20 20:41 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-19 20:58 - 2014-01-25 14:21 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 20:51 - 2009-07-14 01:13 - 00776000 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 19:42 - 2014-03-15 12:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 19:41 - 2014-03-15 12:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:41 - 2014-03-15 12:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 19:39 - 2010-01-27 21:51 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:35 - 2014-05-05 22:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 19:25 - 2014-03-15 12:37 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 19:24 - 2013-07-20 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 19:21 - 2010-01-29 23:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-09 02:14 - 2014-05-16 19:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-16 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 22:49 - 2013-01-04 11:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-07 22:18 - 2010-09-09 06:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\ZoomBrowser EX
2014-05-07 22:09 - 2010-06-22 02:02 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-05-07 22:01 - 2014-03-15 12:37 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:01 - 2014-03-15 12:37 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-06 17:26 - 2010-02-12 00:38 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CutePDF Writer
2014-05-06 00:40 - 2014-05-16 19:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-16 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-16 19:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-16 19:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:10 - 2014-05-05 21:09 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:08 - 2014-05-05 21:07 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:24 - 2014-05-02 00:23 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
2014-04-26 13:42 - 2011-11-10 23:50 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Akamai
2014-04-26 13:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\Users\Mike Dobkin\taskmgr.exe
 
 
Some content of TEMP:
====================
C:\Users\Mike Dobkin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nscDC24.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9189.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9754.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsrE078.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\speedmax_4507.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite68664.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite77278.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\updater_135618.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\~cdiss03.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) 91F24E9FB8D7F38A211FDB676ABAF96F
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 20:51
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike Dobkin (administrator) on MIKEDOBKIN-PC on 26-05-2014 21:39:41
Running from C:\Users\Mike Dobkin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Akamai Technologies, Inc.) C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcagent_exe] => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [634880 2011-12-20] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Bing Bar] => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe"
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\.DEFAULT\...\Run: [explheme] => C:\Windows\system32\maketend.exe
HKU\.DEFAULT\...\Run: [20dab4] => C:\20dab47\20dab47.exe [194560 2014-05-21] (jiiSoft)
HKU\.DEFAULT\...\Run: [20dab47] => C:\Windows\system32\config\systemprofile\AppData\Roaming\20dab47.exe
HKU\.DEFAULT\...\Run: [explCERT] => C:\Windows\system32\makeocom.exe
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {1502b506-22c6-11e2-bf23-0026b916417b} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {247488cc-adea-11e0-b730-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {a4ca5fed-f22a-11de-b249-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {b26ac49d-3e75-11e3-973e-0026b916417b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...\MountPoints2: {c4d8bbd8-bf23-11e1-af85-0026b916417b} - F:\setup.exe -a
HKU\S-1-5-21-3102976740-1053152927-314319372-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Mike Dobkin\AppData\Roaming\srxyvrc\stqitxw\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:49529;https=127.0.0.1:49529
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F6114AF5-9782-48EF-895B-9D14041578CA} URL = 
BHO: Savings Hen BHO - {1564A235-9C55-4C1F-8CE4-B30B77C0B99A} - C:\Program Files (x86)\Savings Hen\FrameworkBHO64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {0347C33E-8762-4905-BF09-768834316C61} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -  No File
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/InstFred.ocx
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/Autodesk%20Architectural%20Desktop%203/AcPreview.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Google Search) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Gmail) - C:\Users\Mike Dobkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; D:\MY DOCUMENTS\RANDOM AUDIO FIX\RUN\a2ddax64.sys [26176 2014-05-21] (Emsisoft GmbH)
S2 CDAVFS; C:\Windows\SysWOW64\DRIVERS\CDAVFS.sys [67424 2010-01-31] (CyberDefender Corp.)
S3 cleanhlp; D:\My Documents\Random Audio Fix\Run\cleanhlp64.sys [57024 2014-05-21] (Emsisoft GmbH)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-26 21:39 - 2014-05-26 21:40 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:38 - 2014-05-26 21:39 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-22 22:08 - 2014-05-24 13:47 - 00000000 ____D () C:\AdwCleaner
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:21 - 2014-05-20 22:23 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:07 - 2014-05-20 22:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-21 06:01 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:00 - 2014-05-22 19:19 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-20 22:00 - 2014-05-20 22:08 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 21:59 - 2014-05-20 22:00 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:44 - 2014-05-21 22:50 - 00000000 ___HD () C:\20dab47
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:11 - 2014-05-23 19:24 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:51 - 2014-05-21 23:03 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-17 09:32 - 2014-05-26 21:31 - 00001344 _____ () C:\Windows\setupact.log
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:31 - 2014-05-24 13:48 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-16 19:25 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 19:25 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 19:25 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 19:25 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 19:25 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 19:19 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 19:19 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 19:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 19:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 19:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 19:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 19:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 19:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 19:19 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 19:19 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 19:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 19:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 19:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 19:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 19:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 19:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 22:35 - 2014-05-16 19:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 21:09 - 2014-05-05 21:10 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:07 - 2014-05-05 21:08 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:23 - 2014-05-02 00:24 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:45 - 2014-03-09 21:59 - 00002348 _____ () C:\Users\Mike Dobkin\Desktop\Dobkin-RDP.RDP
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
 
==================== One Month Modified Files and Folders =======
 
2014-05-26 21:40 - 2014-05-26 21:39 - 00026270 _____ () C:\Users\Mike Dobkin\Downloads\FRST.txt
2014-05-26 21:40 - 2014-03-15 12:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:39 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:39 - 2014-05-26 21:38 - 02066944 _____ (Farbar) C:\Users\Mike Dobkin\Downloads\FRST64.exe
2014-05-26 21:39 - 2012-07-15 17:49 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Skype
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:37 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:36 - 2010-01-29 03:44 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Adobe
2014-05-26 21:35 - 2012-04-29 23:25 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Htc
2014-05-26 21:32 - 2014-03-15 12:37 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 21:31 - 2014-05-17 09:32 - 00001344 _____ () C:\Windows\setupact.log
2014-05-26 21:31 - 2010-01-31 16:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-26 21:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-05-24 17:26 - 2014-05-24 17:26 - 00028827 _____ () C:\Users\Mike Dobkin\Desktop\dds.txt
2014-05-24 17:26 - 2014-05-24 17:26 - 00020875 _____ () C:\Users\Mike Dobkin\Desktop\attach.txt
2014-05-24 17:24 - 2014-05-24 17:24 - 00688992 ____R (Swearware) C:\Users\Mike Dobkin\Downloads\dds.com
2014-05-24 17:12 - 2012-03-29 10:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Dropbox
2014-05-24 17:11 - 2014-01-01 19:22 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\DropboxMaster
2014-05-24 17:08 - 2014-03-15 12:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 16:51 - 2009-07-14 01:10 - 01863013 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 14:40 - 2012-03-29 10:38 - 00001044 _____ () C:\Users\Mike Dobkin\Desktop\Dropbox.lnk
2014-05-24 14:40 - 2012-03-29 10:37 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:40 - 2010-01-27 21:47 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 14:02 - 2014-05-24 14:02 - 00001653 _____ () C:\Users\Mike Dobkin\Desktop\JRT.txt
2014-05-24 13:48 - 2014-05-17 09:31 - 00039818 _____ () C:\Windows\PFRO.log
2014-05-24 13:47 - 2014-05-22 22:08 - 00000000 ____D () C:\AdwCleaner
2014-05-23 19:24 - 2014-05-20 21:11 - 00003630 _____ () C:\Users\Mike Dobkin\Desktop\Rkill.txt
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-22 22:47 - 2014-05-22 22:47 - 01016261 _____ (Thisisu) C:\Users\Mike Dobkin\Downloads\JRT.exe
2014-05-22 22:47 - 2014-05-22 22:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 22:08 - 2014-05-22 22:08 - 01326389 _____ () C:\Users\Mike Dobkin\Downloads\adwcleaner_3.210.exe
2014-05-22 19:22 - 2011-05-25 20:05 - 00002704 _____ () C:\Users\Mike Dobkin\Documents\My Documents.lnk
2014-05-22 19:19 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-21 23:03 - 2014-05-20 20:51 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-21 22:50 - 2014-05-20 21:44 - 00000000 ___HD () C:\20dab47
2014-05-21 22:50 - 2014-04-18 22:54 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-21 22:50 - 2010-08-21 16:28 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-05-21 22:37 - 2014-05-21 22:37 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-05-21 22:37 - 2014-05-21 22:37 - 00001406 _____ () C:\Windows\system32\eamclean.dat
2014-05-21 06:30 - 2014-05-21 06:30 - 00001994 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_063007.txt
2014-05-21 06:23 - 2014-05-21 06:23 - 00001958 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05212014_062306.txt
2014-05-21 06:01 - 2014-05-20 22:02 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-20 22:24 - 2014-05-20 22:24 - 00000704 _____ () C:\Users\Mike Dobkin\Desktop\Emsisoft Emergency Kit.lnk
2014-05-20 22:23 - 2014-05-20 22:21 - 228583280 _____ () C:\Users\Mike Dobkin\Downloads\EmsisoftEmergencyKit.exe
2014-05-20 22:08 - 2014-05-20 22:07 - 10971424 _____ (SurfRight B.V.) C:\Users\Mike Dobkin\Downloads\HitmanPro_x64.exe
2014-05-20 22:08 - 2014-05-20 22:00 - 00000000 ____D () C:\Users\Mike Dobkin\Desktop\RK_Quarantine
2014-05-20 22:07 - 2014-05-20 22:07 - 07080040 _____ () C:\Users\Mike Dobkin\Downloads\FinallyFast.setup.exe
2014-05-20 22:06 - 2014-05-20 22:06 - 00006632 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_D_05202014_220623.txt
2014-05-20 22:04 - 2014-05-20 22:04 - 00006387 _____ () C:\Users\Mike Dobkin\Desktop\RKreport[0]_S_05202014_220440.txt
2014-05-20 22:02 - 2014-05-20 22:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 22:02 - 2014-05-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-20 22:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-20 22:00 - 2014-05-20 21:59 - 04527616 _____ () C:\Users\Mike Dobkin\Downloads\RogueKillerX64.exe
2014-05-20 22:00 - 2014-02-05 23:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 22:00 - 2010-07-14 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-20 22:00 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Sonic
2014-05-20 21:59 - 2014-05-20 21:59 - 00004406 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-05-20 21:59 - 2010-12-07 00:11 - 00000000 ____D () C:\ProgramData\HP
2014-05-20 21:59 - 2010-08-21 23:59 - 00000000 ____D () C:\ProgramData\McNeel
2014-05-20 21:59 - 2010-07-14 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 21:59 - 2009-12-26 09:02 - 00000000 ____D () C:\ProgramData\Macrovision
2014-05-20 21:59 - 2009-12-26 09:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-20 21:57 - 2014-02-05 23:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-20 21:57 - 2012-09-18 17:32 - 00000280 _____ () C:\ProgramData\defraggler_list.txt
2014-05-20 21:57 - 2010-08-29 20:35 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-20 21:57 - 2010-02-26 02:22 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-20 21:57 - 2009-12-26 08:37 - 00000000 ____D () C:\ProgramData\Dell
2014-05-20 21:46 - 2010-05-14 16:05 - 00000000 ____D () C:\ProgramData\AIM Toolbar
2014-05-20 21:46 - 2009-12-26 08:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-20 21:44 - 2014-05-20 21:44 - 00247808 _____ (Esufassi) C:\Windows\SysWOW64\maketend.exe
2014-05-20 21:30 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuser.log
2014-05-20 21:11 - 2014-05-20 21:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Mike Dobkin\Downloads\iExplore (1).exe
2014-05-20 21:07 - 2014-05-20 21:07 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Mike Dobkin\Downloads\iexplore.exe
2014-05-20 20:59 - 2014-03-14 22:25 - 00018139 _____ () C:\CybDefInstallInfo.log
2014-05-20 20:59 - 2014-03-14 22:25 - 00000113 _____ () C:\CybDefWebInstaller.log
2014-05-20 20:59 - 2009-07-13 22:34 - 00000666 _____ () C:\Windows\win.ini
2014-05-20 20:48 - 2014-03-15 14:14 - 00000254 _____ () C:\CDAVFSuserBackup.log
2014-05-20 20:41 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
2014-05-20 20:24 - 2014-05-20 20:24 - 00000000 ____D () C:\Windows\Sun
2014-05-19 20:58 - 2014-01-25 14:21 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 20:51 - 2009-07-14 01:13 - 00776000 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 19:42 - 2014-03-15 12:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 19:41 - 2014-03-15 12:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:41 - 2014-03-15 12:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 19:39 - 2010-01-27 21:51 - 00000000 ___RD () C:\Users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:35 - 2014-05-05 22:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 19:25 - 2014-03-15 12:37 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 19:24 - 2013-07-20 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 19:21 - 2010-01-29 23:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-09 02:14 - 2014-05-16 19:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-16 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 22:49 - 2013-01-04 11:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-07 22:18 - 2010-09-09 06:36 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Roaming\ZoomBrowser EX
2014-05-07 22:09 - 2010-06-22 02:02 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-05-07 22:01 - 2014-03-15 12:37 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:01 - 2014-03-15 12:37 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 09:51 - 2014-05-07 09:51 - 03419388 _____ () C:\Users\Mike Dobkin\Desktop\M Berkenstock OKAP 3-15-14.tiff
2014-05-06 17:26 - 2010-02-12 00:38 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\CutePDF Writer
2014-05-06 00:40 - 2014-05-16 19:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-16 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-16 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-16 19:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-16 19:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:10 - 2014-05-05 21:09 - 03419388 _____ () C:\Users\Mike Dobkin\Downloads\M Berkenstock OKAP 3-15-14.tiff
2014-05-05 21:08 - 2014-05-05 21:07 - 04800321 _____ () C:\Users\Mike Dobkin\Downloads\message_zdm.html
2014-05-02 00:24 - 2014-05-02 00:23 - 00009256 _____ () C:\Users\Mike Dobkin\Downloads\roster
2014-04-27 16:23 - 2014-04-27 16:23 - 00748477 _____ () C:\Users\Mike Dobkin\Downloads\Rainscreen II - Accent Reveal.dwg
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieUserList
2014-04-27 00:39 - 2014-04-27 00:39 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Local\EmieSiteList
2014-04-26 15:44 - 2014-04-26 15:44 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (18).RDP
2014-04-26 14:00 - 2014-04-26 14:00 - 00002348 _____ () C:\Users\Mike Dobkin\Downloads\Dobkin-RDP (17).RDP
2014-04-26 13:42 - 2011-11-10 23:50 - 00000000 ____D () C:\Users\Mike Dobkin\AppData\Local\Akamai
2014-04-26 13:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\Users\Mike Dobkin\taskmgr.exe
 
 
Some content of TEMP:
====================
C:\Users\Mike Dobkin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nscDC24.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9189.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9754.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsrE078.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\speedmax_4507.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite68664.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite77278.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\updater_135618.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\~cdiss03.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) 91F24E9FB8D7F38A211FDB676ABAF96F
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 20:51
 
==================== End Of Log ============================
 
 
ADDITION.TEXT
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Mike Dobkin at 2014-05-26 21:40:43
Running from C:\Users\Mike Dobkin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1310 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7 Wonders II (HKLM-x32\...\exent_586350) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.0.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIM Toolbar (HKLM-x32\...\AIM Toolbar) (Version:  - )
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.4.2.0 - Auslogics Labs Pty Ltd)
Autodesk Architectural Desktop 3.3 (HKLM-x32\...\{5783F2D7-0134-0409-0000-0060B0CE6BBA}) (Version: 15.6.030.376 - Autodesk)
Autodesk Backburner 2008.1 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1.1 - Autodesk, Inc.)
Autodesk Download Manager (HKLM-x32\...\{CCA78313-443C-4674-81B8-88919D137258}) (Version: 2.0.2.0 - Autodesk, Inc.)
Autodesk Revit 2013 (HKLM\...\Autodesk Revit 2013) (Version: 12.02.21203 - Autodesk)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco AnyConnect VPN Client (HKLM-x32\...\{6005535D-8A83-4108-A757-E1AB9886AECA}) (Version: 2.3.0254 - Cisco Systems, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberDefender Early Detection Center (HKLM-x32\...\{AC5352DA-F4F2-4A59-A1BF-41546342746B}) (Version: 6.01.25.01 - CyberDefender Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.05 - Piriform)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.303 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google SketchUp Pro 7 (HKLM-x32\...\{E1C256F5-58C6-44E9-939A-E1189C8126E2}) (Version: 2.0.10247 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (x32 Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grasshopper (HKLM-x32\...\Grasshopper) (Version:  - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.018 - HTC Corporation)
HTC Sync (HKLM-x32\...\{7A3FFA58-876F-489C-B6CF-0503916224DF}) (Version: 3.0.5617 - HTC Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karamba (32bit) (HKLM-x32\...\{FBE63977-19A9-44F5-9BEB-F1ADA76C539E}) (Version: 1.0.2 - Clemens Preisinger)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Maxwell for Rhino x86 (HKLM-x32\...\{3439D337-3F7F-48CA-8965-6819B9F2FD28}) (Version: 2.6.0 - Next Limit Technologies)
Maxwell Shell Extension (x64) (HKLM\...\{A7D9775A-2F07-413A-B312-3464B3CB79CD}) (Version: 2.6.0 - Next Limit Technologies)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pepakura Designer 3 (HKLM-x32\...\pepakura_designer3en) (Version:  - TamaSoftware)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QualXServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
Revit 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Savings Hen (HKLM-x32\...\38959_Savings Hen) (Version: 1.0 - Smart Apps) <==== ATTENTION
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
SketchUp 2013 (HKLM-x32\...\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}) (Version: 13.0.3689 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.2.1 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{319951E8-E272-4F02-A752-DD6FCD7D4519}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9680B76D-042F-4FF2-BD87-6E859531452D}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Weaverbird (HKLM-x32\...\{CEB756FF-E49E-48E4-8D40-4DB6DD3FFE6E}) (Version: 0.5.16.0 - Piacentino Architecture)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2014-02-05 21:56 - 2014-05-20 22:02 - 00000902 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
54.221.22.25 epcaecmamppaanbcebonhemckaapciho
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {4B229C52-7D7C-4ADA-B0FE-F0666752DEDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {4B79CF49-C498-49EA-8A34-186E93F23D05} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {5113BB53-F18F-45DB-9307-E3BC773DB6C8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {682672DF-2548-4570-B522-546D6C00C71C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {6ADE3DE2-82C4-4D55-83F5-D6C8789E38AB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {6B7CF5D3-13A8-4696-BD5D-4B89A120DA59} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-12-20] ()
Task: {6E48162D-0F98-487A-9920-673C08B0CE95} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7C53B96D-1890-4263-89AB-56AB5023203C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {875202BA-8CDE-43FB-9472-A69B2B1C5470} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {9FBC52F0-4F12-4DE2-9C98-214461D2DBC0} - System32\Tasks\AdobeAAMUpdater-1.0-MikeDobkin-PC-Mike Dobkin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A2430D4C-B350-4937-9579-2D2EE819B6D8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {A544110A-1ECC-481F-9ADA-A741B020FF36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {A5B1BB65-F0B1-4A6E-8129-4C79175FEA4E} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
Task: {A7A5C550-5109-4FF8-BF6E-B21ED23BD509} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {AF2ADB7A-529F-4236-9885-F4031F31C821} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {BB2300E4-44C0-46FE-A9E0-B1E550DCA6A7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-12-26 08:37 - 2009-07-16 20:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2009-12-26 08:37 - 2009-07-16 20:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-01-30 13:13 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-12-20 13:32 - 2011-12-20 13:32 - 00634880 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2009-10-15 05:10 - 2009-10-15 05:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-07-07 12:23 - 2009-07-07 12:23 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-05-26 21:36 - 2014-05-26 21:36 - 00043008 _____ () C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Mike Dobkin\AppData\Roaming\Dropbox\bin\libcef.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00143360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2011-12-20 13:32 - 2011-12-20 13:32 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2009-07-07 12:24 - 2009-07-07 12:24 - 00268528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-07-07 12:23 - 2009-07-07 12:23 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-07-07 12:24 - 2009-07-07 12:24 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-07-07 12:24 - 2009-07-07 12:24 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-07-07 12:23 - 2009-07-07 12:23 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13159538.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13159538.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: hp color LaserJet 5550
Description: hp color LaserJet 5550
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HP LaserJet 300 colorMFP M375nw
Description: HP LaserJet 300 colorMFP M375nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet CP1525nw
Description: HP LaserJet CP1525nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4100 Series
Description: HP LaserJet 4100 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/26/2014 09:40:33 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/26/2014 09:35:57 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()
 
Error: (05/26/2014 09:34:56 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/26/2014 09:34:41 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Bing Bar -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.
 
Error: (05/26/2014 09:34:40 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Bing Bar -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.
 
Error: (05/26/2014 09:32:31 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/26/2014 09:31:41 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory
 
Error: (05/24/2014 05:29:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Microsoft_VC80_CRT_x86 -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.
 
Error: (05/24/2014 05:29:15 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Microsoft_VC80_CRT_x86 -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.
 
Error: (05/24/2014 05:29:14 PM) (Source: MsiInstaller) (EventID: 11711) (User: MikeDobkin-PC)
Description: Product: Microsoft_VC80_CRT_x86 -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.
 
 
System errors:
=============
Error: (05/26/2014 09:38:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (05/26/2014 09:31:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error: 
%%3
 
Error: (05/26/2014 09:31:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CDAVFS service failed to start due to the following error: 
%%1275
 
Error: (05/26/2014 09:31:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\CDAVFS.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/24/2014 05:11:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (05/24/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error: 
%%3
 
Error: (05/24/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (05/24/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (05/24/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (05/24/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2011 05:42:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/16/2011 05:00:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 444 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-06-23 07:57:30.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 22:38:13.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 22:27:30.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 21:08:42.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:49:08.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:36:43.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:23:13.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 20:01:29.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 00:55:11.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-22 00:43:57.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 3892.54 MB
Available physical RAM: 2195.34 MB
Total Pagefile: 7783.27 MB
Available Pagefile: 5584.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:13.08 GB) NTFS
Drive d: () (Fixed) (Total:397.3 GB) (Free:106.1 GB) NTFS
Drive e: (Rhino 5.0) (CDROM) (Total:1.13 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E635605C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=397 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
SEARCH.TXT
 
Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Mike Dobkin at 2014-05-26 21:47:18
Running from C:\Users\Mike Dobkin\Downloads
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2011-06-24 22:12] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) 91F24E9FB8D7F38A211FDB676ABAF96F
 
====== End Of Search ======


#4 gringo_pr


Posted 31 May 2014 - 04:33 AM

Hello Pinwheel




I need you to download this script I have made for you --> fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Pinwheel


Posted 31 May 2014 - 04:03 PM

Hi Gringo,

 

     I got an error message, but it still made a fixlog.txt text file. Here is the error message I got:

 

Line 9272 (File 
D:\My Documents\Random audio Fix\FRST64.exe")

 

Error: Variable cannot be accessed in this manner.

 

     Here is contents of my fixlog.txt file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Mike Dobkin at 2014-05-31 17:03:27 Run:5
Running from D:\My Documents\Random Audio Fix
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
HKU\.DEFAULT\...\Run: [explheme] => C:\Windows\system32\maketend.exe
HKU\.DEFAULT\...\Run: [20dab4] => C:\20dab47\20dab47.exe [194560 2014-05-21] (jiiSoft)
HKU\.DEFAULT\...\Run: [20dab47] => C:\Windows\system32\config\systemprofile\AppData\Roaming\20dab47.exe
HKU\.DEFAULT\...\Run: [explCERT] => C:\Windows\system32\makeocom.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
2014-05-21 22:50 - 2014-05-21 22:50 - 00240128 _____ (Sograge) C:\Windows\SysWOW64\makeocom.exe
2014-05-21 22:50 - 2014-05-21 22:50 - 00008150 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-21 22:50 - 2014-05-21 22:50 - 00004080 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-21 22:50 - 2014-05-21 22:50 - 00000282 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-21 22:50 - 2014-05-21 22:50 - 00000000 __SHD () C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-20 20:51 - 2014-05-21 23:03 - 00000083 _____ () C:\Windows\system32\fdtjat.idt
2014-05-20 20:40 - 2014-05-20 20:40 - 00000064 _____ () C:\Windows\system32\ilpbn.vvr
2014-05-20 20:40 - 2014-05-20 20:40 - 00000000 _____ () C:\Windows\system32\gxvzr.cew
2014-05-20 20:24 - 2014-05-20 20:24 - 00310760 ____S () C:\Windows\system32\fcti.vpt
C:\Users\Mike Dobkin\taskmgr.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpk0rm.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nscDC24.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9189.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsr9754.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\nsrE078.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\speedmax_4507.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite68664.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\System.Data.SQLite77278.dll
C:\Users\Mike Dobkin\AppData\Local\Temp\updater_135618.exe
C:\Users\Mike Dobkin\AppData\Local\Temp\~cdiss03.exe
 
 
*****************
 
"C:\Windows\System32\rpcss.dll" => Could not move.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\explheme => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\20dab4 => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\20dab47 => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\explCERT => Value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"C:\Windows\SysWOW64\makeocom.exe" => File/Directory not found.
"C:\ProgramData\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\ProgramData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
 
"C:\Users\Mike Dobkin\AppData\Roaming\srxyvrc" directory move:
 

Edited by Pinwheel, 31 May 2014 - 04:06 PM.


#6 gringo_pr


Posted 31 May 2014 - 09:21 PM


Hello Pinwheel,

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Pinwheel


Posted 31 May 2014 - 10:46 PM

Hi Gringo,

 

     Thank you for your help. I'll answer your questions in reverse order, so I can post the log last.

 

1) The computer seems fine for now - no problems are apparent, and I noticed my task manager has a lot less items on it.

2) There weren't any problems, the computer restarted once

3) Here's the log:

 

ComboFix 14-05-29.01 - Mike Dobkin 05/31/2014  23:14:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2470 [GMT -4:00]
Running from: c:\users\Mike Dobkin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1051646004
c:\programdata\39706360
c:\programdata\46522104
c:\users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
c:\users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
c:\users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk
c:\users\Mike Dobkin\Taskmgr.exe
.
Infected copy of c:\windows\SysWow64\ntdll.dll was found and disinfected 
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.22436_none_c1c770f6605a21ff\ntdll.dll 
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-01 to 2014-06-01  )))))))))))))))))))))))))))))))
.
.
2014-06-01 03:22 . 2014-06-01 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-01 03:22 . 2014-06-01 03:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-27 01:39 . 2014-05-31 21:03 -------- d-----w- C:\FRST
2014-05-23 23:14 . 2014-05-23 23:14 -------- d-----w- C:\TDSSKiller_Quarantine
2014-05-23 02:47 . 2014-05-23 02:47 -------- d-----w- c:\windows\ERUNT
2014-05-23 02:10 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-23 02:08 . 2014-05-24 17:47 -------- d-----w- C:\AdwCleaner
2014-05-22 02:50 . 2014-05-22 02:50 -------- d-sh--w- c:\users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-22 02:37 . 2014-05-22 02:37 77312 ----a-w- c:\windows\system32\eamclean.exe
2014-05-21 02:02 . 2014-05-21 10:01 -------- d-----w- c:\users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-21 02:02 . 2014-05-21 02:02 -------- d-----w- c:\program files (x86)\Savings Hen
2014-05-21 02:02 . 2014-05-21 10:01 -------- d-----w- C:\temp
2014-05-21 02:00 . 2014-05-22 23:19 -------- d-----w- c:\users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-21 01:44 . 2014-05-21 01:44 247808 ----a-w- c:\windows\SysWow64\maketend.exe
2014-05-21 01:44 . 2014-05-22 02:50 -------- d-----w- C:\20dab47
2014-05-21 01:33 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A28BB067-5C3F-4A32-B4CB-20A213D7DC0D}\mpengine.dll
2014-05-21 00:52 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE1169A7-DAE4-4B25-8E35-33717AD4EFD6}\mpengine.dll
2014-05-21 00:24 . 2014-05-21 00:24 -------- d-----w- c:\windows\Sun
2014-05-16 23:25 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-16 23:25 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-16 23:25 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-16 23:25 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-06 02:35 . 2014-05-16 23:35 -------- d-s---w- c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 23:41 . 2014-03-15 16:37 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 23:41 . 2014-03-15 16:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-16 23:21 . 2010-01-30 03:30 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 13:35 . 2011-06-25 02:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-06 09:31 . 2014-04-24 01:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-24 01:30 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-24 01:30 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-24 01:30 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-24 01:30 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-24 01:30 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-24 01:30 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-24 01:30 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-24 01:30 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-24 01:30 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-24 01:30 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-24 01:30 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-24 01:30 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-24 01:30 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-24 01:30 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-24 01:30 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-24 01:30 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-24 01:30 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-24 01:30 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-24 01:30 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-24 01:30 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-24 01:30 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-24 01:30 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-24 01:30 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-24 01:30 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-24 01:30 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-24 01:30 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-24 01:30 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-24 01:30 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-24 01:30 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-24 01:30 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-24 01:30 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-24 01:30 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-10 01:34 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 01:34 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 01:34 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 01:34 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 01:34 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 01:34 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 01:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 01:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 01:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 01:34 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 01:34 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys;c:\windows\SYSNATIVE\DRIVERS\CDAVFS.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 cleanhlp;cleanhlp;d:\my documents\Random Audio Fix\Run\cleanhlp64.sys;d:\my documents\Random Audio Fix\Run\cleanhlp64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;d:\my documents\RANDOM AUDIO FIX\RUN\a2ddax64.sys;d:\my documents\RANDOM AUDIO FIX\RUN\a2ddax64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-31 21:06 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 23:41]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 16:37]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1564A235-9C55-4C1F-8CE4-B30B77C0B99A}]
2014-05-01 20:44 492888 ----a-w- c:\program files (x86)\Savings Hen\FrameworkBHO64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 408600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 390168]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:49529;https=127.0.0.1:49529
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Wow6432Node-HKLM-Run-mcagent_exe - c:\program files (x86)\McAfee.com\Agent\mcagent.exe
Wow6432Node-HKLM-Run-Bing Bar - c:\program files (x86)\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
SafeBoot-13159538.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2804576 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\à®*]
???I\00\00??\01\00\00\00????\00\00??????\14\00\00\00\00\00\00\0036&\00???????????????????a\08\00?????\0a\04?\00\00\04\00\01????????????\0e\01?\01\00\03\00\01P???????\00???\09\04?\00\00\04\00\01-????e424???\09\12\00??\01\00\01F????dA1}???\004\00??\01\00\00????\02???????????\0a\04??\00\04\00\01\00???????????????????\02??????????6.1.7601.22465@2\00?\08\00?????\0b\12\00??\01\00\01????????????\0c\12\00??\01\00\010??????0\00??? ???A\00\00?G\00\00\00\00????\01\00?g?U??\00 \00\00j\00\04\00\01\005\00???????????????????????????\00???\07\04?\00\00\04\00\01U??????update /queue\00\08\00?????????????\0a4\00??\03\00\01I?????i?S???\00\1e\00??\01\00\00?\08\00????20120515\00-???\04*\00??\01\00\01????????\0b?\00??\01\00\01}?????e7\00???????????????????????\00$\00??\01\00\00/\08\00?????\01???????\08\04?\01\00\04\00\019???????5\04?\02\00\04\00\01???????????????????????????1\00???\17^\00??\01\00\01????????????Z??u???????1\00??4.30.2100.0\00??x?? ???I\00\00?g\00\00\00\00????\02\00?H?U??\00 \00\00¨\00\04\004eT\00????????????????????"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-31  23:33:59 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-01 03:33
.
Pre-Run: 13,483,077,632 bytes free
Post-Run: 14,504,263,680 bytes free
.
- - End Of File - - 7BEC05360804C7BB9A9826687EA05E51
A36C5E4F47E84449FF07ED3517B43A31


#8 gringo_pr


Posted 06 June 2014 - 06:39 AM


Hello Pinwheel

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Pinwheel


Posted 12 June 2014 - 07:58 PM

Hi Gringo,

 

     I apologize, as I did not get around to running the script until tonight, and I did not realize you close topics after 5 days until now. 

 

     There has definitely been a major difference since running combofix the first time. Since I added the script I haven't noticed any differences yet, but here is my log:

 

ComboFix 14-05-29.01 - Mike Dobkin 06/12/2014  20:34:42.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1866 [GMT -4:00]
Running from: c:\users\Mike Dobkin\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike Dobkin\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-13 to 2014-06-13  )))))))))))))))))))))))))))))))
.
.
2014-06-13 00:47 . 2014-06-13 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-13 00:47 . 2014-06-13 00:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-27 01:39 . 2014-05-31 21:03 -------- d-----w- C:\FRST
2014-05-23 23:14 . 2014-05-23 23:14 -------- d-----w- C:\TDSSKiller_Quarantine
2014-05-23 02:47 . 2014-05-23 02:47 -------- d-----w- c:\windows\ERUNT
2014-05-23 02:10 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-23 02:08 . 2014-05-24 17:47 -------- d-----w- C:\AdwCleaner
2014-05-22 02:50 . 2014-05-22 02:50 -------- d-sh--w- c:\users\Mike Dobkin\AppData\Roaming\srxyvrc
2014-05-22 02:37 . 2014-05-22 02:37 77312 ----a-w- c:\windows\system32\eamclean.exe
2014-05-21 02:02 . 2014-05-21 10:01 -------- d-----w- c:\users\Mike Dobkin\AppData\Local\Savings Hen
2014-05-21 02:02 . 2014-05-21 02:02 -------- d-----w- c:\program files (x86)\Savings Hen
2014-05-21 02:02 . 2014-05-21 10:01 -------- d-----w- C:\temp
2014-05-21 02:00 . 2014-05-22 23:19 -------- d-----w- c:\users\Mike Dobkin\AppData\Local\CrashDumps
2014-05-21 01:44 . 2014-05-21 01:44 247808 ----a-w- c:\windows\SysWow64\maketend.exe
2014-05-21 01:44 . 2014-05-22 02:50 -------- d-----w- C:\20dab47
2014-05-21 00:24 . 2014-05-21 00:24 -------- d-----w- c:\windows\Sun
2014-05-16 23:25 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-16 23:25 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-16 23:25 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-16 23:25 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 23:41 . 2014-03-15 16:37 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 23:41 . 2014-03-15 16:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-16 23:21 . 2010-01-30 03:30 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 13:35 . 2011-06-25 02:07 270496 ------w- c:\windows\system32\MpSigStub.exe
1997-07-22 00:30 1045776 --sha-w- c:\windows\SysWOW64\Msjet35.dll
1997-06-23 08:00 123664 --sha-w- c:\windows\SysWOW64\Msjint35.dll
1997-06-23 17:06 24848 --sha-w- c:\windows\SysWOW64\Msjter35.dll
1997-06-23 17:06 252176 --sha-w- c:\windows\SysWOW64\Msrd2x35.dll
1997-06-23 17:06 287504 --sha-w- c:\windows\SysWOW64\Msxbse35.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Mike Dobkin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"!BingBar"="c:\program files (x86)\Microsoft\BingBar\7.3.132.0oemBingBarSetup-Partner.EXE" [2014-03-19 11504800]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Mike Dobkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys;c:\windows\SYSNATIVE\DRIVERS\CDAVFS.sys [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 cleanhlp;cleanhlp;d:\my documents\Random Audio Fix\Run\cleanhlp64.sys;d:\my documents\Random Audio Fix\Run\cleanhlp64.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;d:\my documents\RANDOM AUDIO FIX\RUN\a2ddax64.sys;d:\my documents\RANDOM AUDIO FIX\RUN\a2ddax64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 00:08 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 23:41]
.
2014-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 16:37]
.
2014-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1564A235-9C55-4C1F-8CE4-B30B77C0B99A}]
2014-05-01 20:44 492888 ----a-w- c:\program files (x86)\Savings Hen\FrameworkBHO64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Mike Dobkin\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 408600]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 390168]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:49529;https=127.0.0.1:49529
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2804576 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\à®*]
.
Completion time: 2014-06-12  20:50:20
ComboFix-quarantined-files.txt  2014-06-13 00:50
ComboFix2.txt  2014-06-01 03:34
.
Pre-Run: 11,957,272,576 bytes free
Post-Run: 13,862,400,000 bytes free
.
- - End Of File - - B124AAF0FF41CDE033749F29965E5A1D
A36C5E4F47E84449FF07ED3517B43A31
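A triage helper for the registry block at the end of the ComboFix log above, added here as an example (it is not part of the original post and is not ComboFix code). It parses the `[key]` / `@Denied:` / value layout visible in the log, groups entries by CLSID, and lists COM server binaries that sit outside a set of directories. The directory list, the function names and the third sample class are assumptions made for this example.

```python
import ntpath
import re

# Sample in the layout of the log above. The first two classes are copied from
# it; the third ({11111111-...}) is constructed for this example.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Constructed Example Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="c:\\Users\\Public\\example.dll"
.
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
CLSID_RE = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(.+))?$')

# Assumption of this example: a triage policy, not a rule taken from ComboFix.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                r"c:\program files", r"c:\program files (x86)")


def _decode(raw):
    """Undo .reg-style escaping of a quoted string; leave dword:/multi: data as-is."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw


def parse_keys(text):
    """Return one dict per [key] block: key path, @Denied text, named values."""
    keys, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group(1), "denied": None, "values": {}}
            keys.append(current)
        elif current is None or line in ("", "."):
            continue
        elif line.startswith("@Denied:"):
            current["denied"] = line[len("@Denied:"):].strip()
        else:
            v = VALUE_RE.match(line)  # anything else (binary residue) is skipped
            if v:
                name = "@" if v.group(1) == "@" else _decode(v.group(1))
                current["values"][name] = _decode(v.group(2))
    return keys


def com_servers(keys):
    """Group CLSID keys: friendly name, @Denied marker, and server binaries."""
    classes = {}
    for k in keys:
        m = CLSID_RE.search(k["key"])
        if not m:
            continue
        clsid, sub = m.group(1).upper(), m.group(2)
        entry = classes.setdefault(
            clsid, {"name": None, "denied": None, "servers": []})
        if sub is None:
            entry["name"] = k["values"].get("@")
            entry["denied"] = k["denied"]
        elif sub.lower() in ("inprocserver32", "localserver32") and "@" in k["values"]:
            entry["servers"].append((sub, k["values"]["@"]))
    return classes


def outside_trusted_dirs(classes, trusted=TRUSTED_DIRS):
    """List (clsid, subkey, path) for server binaries not under a trusted directory."""
    hits = []
    for clsid, entry in classes.items():
        for kind, path in entry["servers"]:
            norm = ntpath.normpath(path.strip('"')).lower()
            if not any(norm.startswith(d + "\\") for d in trusted):
                hits.append((clsid, kind, path))
    return hits


if __name__ == "__main__":
    found = com_servers(parse_keys(SAMPLE_LOG))
    for clsid, entry in found.items():
        print(clsid, entry["name"], entry["denied"], entry["servers"])
    print("review:", outside_trusted_dirs(found))
```

A hit from `outside_trusted_dirs` is only a prompt to look at the file and its signer; software installed per-user legitimately registers COM servers outside these directories.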


#10 gringo_pr


Posted 14 June 2014 - 08:00 PM


Hello Pinwheel

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Pinwheel


Posted 16 June 2014 - 09:26 PM

Hi Gringo, here's what the report says:
 
 Update for Microsoft Office 2007 (KB2508958)
1310
1310_Help
1310Trb
7 Wonders II
Adobe AIR
Adobe Connect 9 Add-in
Adobe Creative Suite 6 Design Standard
Adobe Flash Player 13 ActiveX
Adobe Help Manager
Adobe Reader XI (11.0.02)
Adobe® Content Viewer
Advanced Audio FX Engine
AIM Toolbar
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
AnswerWorks Runtime
Apple Application Support
Apple Software Update
Auslogics Duplicate File Finder
Autodesk Architectural Desktop 3.3
Autodesk Backburner 2008.1
Autodesk Download Manager
Banctec Service Agreement
Bing Bar
BufferChm
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco AnyConnect VPN Client
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
Copy
CyberDefender Early Detection Center
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Support Center (Support Software)
Dell Webcam Central
Destinations
DeviceDiscovery
DocProc
Dropbox
FARO LS 1.1.408.2
FARO LS 4.8.2.25521
Fax
Google Chrome
Google SketchUp Pro 7
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
Grasshopper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Karamba (32bit)
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Maxwell for Rhino x86
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 8.0 Support DLLs
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PDF Settings CS6
Pepakura Designer 3
PowerDVD DX
QualXServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Safari
Savings Hen
Scan
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SketchUp 2013
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Tweaking.com - Windows Repair (All in One)
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
Weaverbird
WebReg
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (32-bit)


#12 gringo_pr


Posted 17 June 2014 - 06:34 AM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)
  • Programs to remove

    • Java™ 6 Update 26


Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java
  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

#13 gringo_pr


Posted 20 June 2014 - 09:21 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 Pinwheel


Posted 21 June 2014 - 09:59 AM

Hi Gringo,

 

    Thank you for checking in, and I think I will need some more time, probably around a week. My computer has been having overheating issues, and it always seems to happen towards the end of my Malwarebytes scan.



#15 gringo_pr


Posted 21 June 2014 - 04:45 PM

No problem and I will check on you later and thanks for letting me know


gringo



