
Google Captcha Wont Stop


  • This topic is locked
20 replies to this topic

#1 intrin

intrin

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 29 July 2014 - 06:06 PM

I have scanned with Malwarebytes, nothing shows up.

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Jeff at 17:01:22 on 2014-07-29
Microsoft Windows 8.1 Pro  6.3.9600.0.1252.1.2057.18.8190.6526 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\GManager.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\skydrive.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Duplicati\Duplicati.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\EUT\C811\SUA\UTM.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [UTM.exe] cmd /c "start "" "C:\Program Files (x86)\EUT\C811\SUA\UTM.exe""
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jeff\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\DUPLIC~1.LNK - C:\Program Files\Duplicati\Duplicati.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: EnableLUA = dword:0
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &3 - C:\Windows\web\AOpenClient.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
TCP: NameServer = 69.145.248.50 8.8.8.8 69.145.232.4
TCP: Interfaces\{8B8A79BC-A6D8-4FC4-9F76-52E49868ADD3} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{A9BA46E1-4D6E-4185-BD62-4E8FC63198A8} : DHCPNameServer = 69.145.248.50 8.8.8.8 69.145.232.4
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\Jaksta\AC\x86\jaudcap.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [MCTDUtil] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
x64-Run: [FDispPos] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2014-3-17 39768]
R0 mctkmdldr;mctkmdldr;C:\Windows\System32\drivers\mctKmdldr64.sys [2014-3-12 19584]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-3-17 283064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW86.sys [2014-3-18 91648]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C63x64.sys [2013-8-22 129224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-14 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-19 64216]
R3 mctkmd;mctkmd;C:\Windows\System32\drivers\mctkmd64.sys [2014-3-12 157488]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 t2usb64;Trigger II External Graphics;C:\Windows\System32\drivers\t2usb64.sys [2014-3-12 428664]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 c811bus;G'zOne Commando 4G LTE Bus Driver;C:\Windows\System32\drivers\c811bus.sys [2014-5-12 169800]
S3 c811serd;G'zOne Commando 4G LTE USB Virtual Serial Port (WDM);C:\Windows\System32\drivers\c811serd.sys [2014-5-12 159048]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-10-26 26784]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2014-3-20 31160]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 kbldfltr;kbldfltr;C:\Windows\System32\drivers\kbldfltr.sys [2013-8-22 22272]
S3 KinectCamera;Kinect for Windows Camera Driver;C:\Windows\System32\drivers\kinectcamera.sys [2013-8-20 192512]
S3 LSI_SAS3;LSI_SAS3;C:\Windows\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-10-26 351520]
S3 LVUVC64;@oem31.inf,%PID_0826_DD%(UVC);Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-10-26 4758176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\Windows\System32\drivers\refs.sys [2014-4-23 924504]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2014-3-17 146776]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2014-3-17 57176]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2013-8-22 26976]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-29 16:51:30    1031560    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A24C8E63-C062-480C-9562-588E3A765B19}\gapaengine.dll
2014-07-29 16:51:08    10924376    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15009AFA-1018-4A5F-AC48-23346762D5E8}\mpengine.dll
2014-07-28 22:41:50    10924376    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-07-21 18:47:03    --------    d-----w-    C:\Program Files (x86)\Market Samurai
2014-07-17 14:01:10    703968    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-17 14:01:10    105440    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 10:29:39    1018880    ----a-w-    C:\Windows\System32\termsrv.dll
2014-07-10 07:53:28    966144    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-10 07:53:28    4190720    ----a-w-    C:\Windows\System32\win32k.sys
2014-07-10 07:53:28    2752512    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-10 07:53:27    834048    ----a-w-    C:\Windows\System32\osk.exe
2014-07-10 07:53:27    779264    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-07-10 07:53:25    563200    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-07-10 07:53:22    565576    ----a-w-    C:\Windows\System32\drivers\cng.sys
2014-07-10 07:53:22    1417216    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-10 07:53:21    735232    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-07-10 07:53:21    735232    ----a-w-    C:\Windows\System32\adtschema.dll
2014-07-10 07:53:21    436224    ----a-w-    C:\Windows\System32\certcli.dll
2014-07-10 07:53:21    318976    ----a-w-    C:\Windows\SysWow64\certcli.dll
2014-07-10 07:51:59    923136    ----a-w-    C:\Windows\System32\WSShared.dll
2014-07-10 07:45:41    79872    ----a-w-    C:\Windows\System32\WSReset.exe
2014-07-01 18:26:13    --------    d-----w-    C:\Program Files (x86)\LSoft Technologies
.
==================== Find3M  ====================
.
2014-07-29 23:00:35    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-11 06:36:56    53248    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2014-06-11 06:36:05    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-11 06:36:05    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-11 06:36:05    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-11 06:36:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-11 06:36:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-11 06:36:04    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-11 06:36:04    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-06 13:04:45    586240    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 12:18:07    488960    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-05-31 10:06:57    555736    ----a-w-    C:\Windows\System32\twinapi.appcore.dll
2014-05-31 03:40:44    13287936    ----a-w-    C:\Windows\System32\twinui.dll
2014-05-31 03:30:05    11792384    ----a-w-    C:\Windows\SysWow64\twinui.dll
2014-05-31 03:12:37    249344    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-31 03:06:23    93696    ----a-w-    C:\Windows\System32\wudriver.dll
2014-05-31 03:01:51    189952    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-31 02:56:02    80896    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-05-31 02:37:54    1054208    ----a-w-    C:\Windows\System32\twinui.appcore.dll
2014-05-31 02:35:41    828928    ----a-w-    C:\Windows\SysWow64\twinui.appcore.dll
2014-05-31 02:32:24    756224    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-19 06:31:41    57856    ----a-w-    C:\Windows\System32\drvcfg.exe
2014-05-19 06:21:30    110592    ----a-w-    C:\Windows\System32\drvinst.exe
2014-05-19 05:23:45    98816    ----a-w-    C:\Windows\SysWow64\drvinst.exe
2014-05-16 20:49:16    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-15 20:39:04    31232    ----a-w-    C:\Windows\System32\drivers\tap0901.sys
2014-05-12 13:26:14    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-12 13:26:00    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 13:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-10 03:46:11    2151424    ----a-w-    C:\Windows\System32\msxml3.dll
2014-05-10 03:22:15    1312256    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-05-08 23:06:40    295424    ----a-w-    C:\Windows\System32\drivers\ks.sys
2014-05-05 04:02:33    3360256    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-02 07:46:14    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-02 07:46:11    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-01 13:31:39    55328    ----a-w-    C:\Windows\System32\drivers\wpcfltr.sys
2014-05-01 13:31:39    3048904    ----a-w-    C:\Windows\System32\WpcMon.exe
2014-05-01 07:14:57    3118080    ----a-w-    C:\Windows\System32\Wpc.dll
2014-05-01 07:05:14    2861056    ----a-w-    C:\Windows\System32\WpcWebSync.dll
2014-05-01 06:51:23    2344448    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2014-05-01 05:24:11    2834944    ----a-w-    C:\Windows\System32\wpccpl.dll
.
============= FINISH: 17:03:33.56 ===============

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:51 AM

Posted 03 August 2014 - 06:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542683 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:51 AM

Posted 08 August 2014 - 06:51 AM


Hello intrin

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 intrin

intrin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 08 August 2014 - 11:40 AM

# AdwCleaner v3.303 - Report created 08/08/2014 at 10:23:13
# Updated 06/08/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Jeff - DECODEDWIN
# Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\Software\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2823 octets] - [08/08/2014 10:21:49]
AdwCleaner[S0].txt - [2714 octets] - [08/08/2014 10:23:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2774 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Jeff on Fri 08/08/2014 at 10:28:14.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Jeff\AppData\Roaming\mozilla\firefox\profiles\o3sckxvy.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/08/2014 at 10:33:15.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 

 

 


Noticed the captcha a few times before starting this process, will check back if I continue to have them!



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 08 August 2014 - 12:25 PM


Hello intrin

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 11 August 2014 - 07:03 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#7 intrin

intrin
  • Topic Starter

  • Members

Posted 11 August 2014 - 05:30 PM

Hey sorry, missed your messages and then it slipped my mind! Will do combofix.



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 12 August 2014 - 07:37 AM

Hello


No problem, and I will be looking for the report.


gringo

#9 intrin

intrin
  • Topic Starter

  • Members

Posted 12 August 2014 - 09:28 AM

I ran combofix, it did a bunch of stuff, then it displayed an error message that said do not run in compatibility mode.

Looked like it saved some files but not sure where, and it did not open anything.

I think I have seen captcha like twice in the last few days.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 13 August 2014 - 06:27 AM



I would like to know how the computer is doing at this time, and I would like you to rerun FRST for me and send me a new report.

If you cannot find it, here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only - (The GREEN ones are ads)

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.

I would like for you to use these settings:
Under whitelist I would like everything to be checked.
Under optional scan, only have Addition.txt selected (the other three blank).
Press the Scan button.
It will make two logs (FRST.txt) and (Addition.txt) in the same directory the tool is run from.

Please attach both reports to your reply to me.

#11 intrin

intrin
  • Topic Starter

  • Members

Posted 16 August 2014 - 03:33 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Jeff (administrator) on DECODEDWIN on 16-08-2014 14:29:46
Running from C:\Users\Jeff\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\GManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
( MakerBot) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(HexaD) C:\Program Files\Duplicati\Duplicati.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CASIO) C:\Program Files (x86)\EUT\C811\SUA\UTM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Intuit Inc. All rights reserved.) C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Adobe Systems, Incorporated) G:\programs\adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Market Samurai\Market Samurai.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [UTM.exe] => C:\Program Files (x86)\EUT\C811\SUA\UTM.exe [1842256 2014-03-10] (CASIO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\Run: [uTorrent] => C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\MountPoints2: {30b89ce2-ab40-11e3-8256-001e2aabad40} - "F:\Setup.exe"
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\MountPoints2: {c1be5d12-bf53-11e3-8264-902b349961e6} - "E:\TL-BootStrap.exe"
HKU\S-1-5-21-1445442653-2713545844-972804960-1001\...\MountPoints2: {de19b421-d922-11e3-8276-902b349961e6} - "E:\TL-BootStrap.exe"
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-03-08] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-03-08] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk
ShortcutTarget: Duplicati.lnk -> C:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 69.145.248.50 8.8.8.8 69.145.232.4

FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SeoQuake - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-06-19]
FF Extension: iMacros for Firefox - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-29]
FF Extension: AmabayFox - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\AmabayFox@linked8.com.xpi [2014-03-28]
FF Extension: Firebug - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\firebug@software.joehewitt.com.xpi [2014-03-22]
FF Extension: Adblock Plus - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF Extension: Greasemonkey - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\o3sckxvy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-05-15]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 KinectManagement; C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [98816 2013-08-20] (Microsoft Corporation) [File not signed]
R2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [78336 2013-11-27] ( MakerBot)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
S3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-12-02] (Intuit, Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S3 c811bus; C:\Windows\System32\drivers\c811bus.sys [169800 2012-12-07] (MCCI Corporation)
S3 c811serd; C:\Windows\system32\DRIVERS\c811serd.sys [159048 2012-12-07] (MCCI Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-03-11] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2013-08-20] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [157488 2014-02-14] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 t2usb64; C:\Windows\system32\drivers\t2usb64.sys [428664 2013-08-22] (Magic Control Technology Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 14:29 - 2014-08-16 14:30 - 00022783 _____ () C:\Users\Jeff\Downloads\FRST.txt
2014-08-16 14:29 - 2014-08-16 14:29 - 00000000 ____D () C:\FRST
2014-08-16 14:28 - 2014-08-16 14:28 - 02101760 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2014-08-16 14:22 - 2014-08-16 14:22 - 00006820 _____ () C:\Users\Jeff\Downloads\FO339CA924D8notrin.zip
2014-08-13 21:58 - 2014-08-13 21:58 - 00550584 _____ () C:\Users\Jeff\Downloads\trex_tar.stl
2014-08-13 17:03 - 2014-07-11 22:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-12 11:25 - 2014-08-12 11:27 - 253195620 _____ () C:\Users\Jeff\Downloads\Drop Kingz 1.11.zip
2014-08-12 11:23 - 2014-08-12 11:23 - 00464509 _____ () C:\Users\Jeff\Downloads\report.xml
2014-08-11 16:31 - 2014-08-11 16:34 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-11 16:31 - 2014-08-11 16:31 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 16:29 - 2014-08-11 16:29 - 05568206 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix(1).exe
2014-08-11 16:26 - 2014-08-11 16:28 - 00000000 ____D () C:\Users\Jeff\Downloads\defining gel
2014-08-11 16:25 - 2014-08-11 16:25 - 00000000 ____D () C:\Users\Jeff\Downloads\New folder
2014-08-11 15:40 - 2014-08-11 15:40 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
2014-08-11 15:40 - 2014-08-11 15:40 - 00000943 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-08-11 15:40 - 2014-08-11 15:40 - 00000000 ____D () C:\Program Files (x86)\Market Samurai
2014-08-08 10:33 - 2014-08-08 10:33 - 00000913 _____ () C:\Users\Jeff\Desktop\JRT.txt
2014-08-08 10:28 - 2014-08-08 10:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 10:21 - 2014-08-08 10:23 - 00000000 ____D () C:\AdwCleaner
2014-08-08 10:16 - 2014-08-08 10:16 - 01016261 _____ (Thisisu) C:\Users\Jeff\Downloads\JRT.exe
2014-08-08 10:14 - 2014-08-08 10:15 - 01475072 _____ () C:\Users\Jeff\Downloads\AdwCleaner.exe
2014-08-07 14:53 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 14:52 - 2014-08-07 14:52 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 14:52 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-07 14:52 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 14:52 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 11:35 - 2014-08-04 12:25 - 00001515 _____ () C:\Windows\setupact.log
2014-08-04 11:35 - 2014-08-04 11:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-04 10:15 - 2014-08-04 10:15 - 00002967 _____ () C:\Users\Jeff\Downloads\tier_1_links.txt
2014-08-04 10:15 - 2014-08-04 10:15 - 00002407 _____ () C:\Users\Jeff\Downloads\tier_2_links_web_20.txt
2014-07-30 14:28 - 2014-07-30 14:28 - 00158384 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-07-30 12:20 - 2014-07-24 14:00 - 00022655 _____ () C:\Users\Jeff\Documents\Montana%20Rental%20Insurance.docx_0.odt
2014-07-30 12:18 - 2014-07-30 12:18 - 01523625 _____ () C:\Users\Jeff\Desktop\hotfashionlinks.txt
2014-07-30 12:10 - 2014-07-30 12:18 - 00000000 ____D () C:\Program Files (x86)\Xenu
2014-07-30 12:10 - 2014-07-30 12:10 - 00000963 _____ () C:\Users\QBDataServiceUser24\Desktop\Xenu.lnk
2014-07-30 12:10 - 2014-07-30 12:10 - 00000963 _____ () C:\Users\Jeff\Desktop\Xenu.lnk
2014-07-30 12:10 - 2014-07-30 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
2014-07-29 18:00 - 2014-07-29 18:00 - 00017381 _____ () C:\Users\Jeff\Desktop\alttagsforblast.txt
2014-07-29 17:58 - 2014-08-04 10:21 - 00949602 _____ () C:\Users\Jeff\Desktop\urlsForBlast.txt
2014-07-29 17:03 - 2014-08-05 09:55 - 00024900 _____ () C:\Users\Jeff\Desktop\dds.txt
2014-07-29 17:03 - 2014-08-05 09:55 - 00007244 _____ () C:\Users\Jeff\Desktop\attach.txt
2014-07-29 16:48 - 2014-07-29 16:48 - 00688992 ____R (Swearware) C:\Users\Jeff\Downloads\dds.scr
2014-07-29 16:46 - 2014-08-11 16:34 - 05568206 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
2014-07-29 16:36 - 2014-07-29 16:36 - 00688992 _____ (Swearware) C:\Users\Jeff\Downloads\dds.com
2014-07-29 15:18 - 2014-07-29 15:18 - 40687396 _____ () C:\Users\Jeff\Downloads\scrapebox (2).zip
2014-07-29 14:28 - 2014-07-29 14:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 10:34 - 2014-07-02 10:48 - 00024091 _____ () C:\Users\Jeff\Documents\Finding%20a%20Montana%20Rental.docx_0.odt
2014-07-24 10:24 - 2014-07-24 10:24 - 00514949 _____ () C:\Users\Jeff\Downloads\ACFrOgCloAHuGAfOyMFJmFqUBDsklRG8ihwkScQJKE7O1rSl8GG3g_W1YEaSkP47M9H3PWS7Ct4d2bXknUuETMLn_iQG8HlxDUS4hhnBZ56aC9B3N5vE5uyz5Hl37Xs=(1)
2014-07-24 10:23 - 2014-07-24 10:23 - 00514949 _____ () C:\Users\Jeff\Downloads\ACFrOgCloAHuGAfOyMFJmFqUBDsklRG8ihwkScQJKE7O1rSl8GG3g_W1YEaSkP47M9H3PWS7Ct4d2bXknUuETMLn_iQG8HlxDUS4hhnBZ56aC9B3N5vE5uyz5Hl37Xs=
2014-07-22 16:32 - 2014-07-22 16:32 - 00011776 _____ (Nattyware) C:\Users\Jeff\Downloads\pixie(1).exe
2014-07-22 16:19 - 2014-07-22 16:26 - 00089051 _____ () C:\Users\Jeff\Downloads\styles.css
2014-07-17 08:01 - 2014-06-26 14:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-17 08:01 - 2014-06-26 14:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 07:59 - 2014-08-08 10:24 - 00181208 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 14:30 - 2014-08-16 14:29 - 00022783 _____ () C:\Users\Jeff\Downloads\FRST.txt
2014-08-16 14:29 - 2014-08-16 14:29 - 00000000 ____D () C:\FRST
2014-08-16 14:29 - 2014-03-12 22:26 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\Skype
2014-08-16 14:28 - 2014-08-16 14:28 - 02101760 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2014-08-16 14:22 - 2014-08-16 14:22 - 00006820 _____ () C:\Users\Jeff\Downloads\FO339CA924D8notrin.zip
2014-08-16 14:17 - 2014-03-12 21:11 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5EE48298-B80A-4FD0-8D70-C259A0F81922}
2014-08-16 14:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-16 13:55 - 2014-03-12 23:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 13:18 - 2014-07-07 13:02 - 01083976 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 13:01 - 2014-04-12 12:03 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\Duplicati
2014-08-16 12:05 - 2014-03-12 23:09 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\ClassicShell
2014-08-16 01:32 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-15 14:44 - 2014-03-12 21:11 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1445442653-2713545844-972804960-1001
2014-08-15 08:23 - 2014-06-03 13:46 - 00002254 ____H () C:\Users\Jeff\Documents\Default.rdp
2014-08-14 21:50 - 2014-03-12 22:49 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\mIRC
2014-08-14 16:26 - 2014-03-12 22:49 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-08-14 02:40 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 02:39 - 2014-03-18 02:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 02:36 - 2014-03-18 02:11 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:58 - 2014-08-13 21:58 - 00550584 _____ () C:\Users\Jeff\Downloads\trex_tar.stl
2014-08-12 15:25 - 2014-04-15 13:46 - 00039936 _____ () C:\Users\Jeff\Documents\tattoo lotion.msam
2014-08-12 11:27 - 2014-08-12 11:25 - 253195620 _____ () C:\Users\Jeff\Downloads\Drop Kingz 1.11.zip
2014-08-12 11:23 - 2014-08-12 11:23 - 00464509 _____ () C:\Users\Jeff\Downloads\report.xml
2014-08-12 10:19 - 2014-03-13 11:31 - 00000000 ____D () C:\Users\Jeff\My Things
2014-08-11 16:34 - 2014-08-11 16:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-11 16:34 - 2014-07-29 16:46 - 05568206 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
2014-08-11 16:31 - 2014-08-11 16:31 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 16:29 - 2014-08-11 16:29 - 05568206 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix(1).exe
2014-08-11 16:28 - 2014-08-11 16:26 - 00000000 ____D () C:\Users\Jeff\Downloads\defining gel
2014-08-11 16:25 - 2014-08-11 16:25 - 00000000 ____D () C:\Users\Jeff\Downloads\New folder
2014-08-11 16:21 - 2014-04-08 14:17 - 27459584 _____ () C:\Users\Jeff\Documents\Action Outside LLC2.QBW.TLG
2014-08-11 16:21 - 2014-04-08 14:17 - 24559616 _____ () C:\Users\Jeff\Documents\Action Outside LLC2.QBW
2014-08-11 16:01 - 2014-04-08 14:20 - 00000000 ____D () C:\Users\Jeff\Documents\Action Outside LLC2.QBW.SearchIndex
2014-08-11 15:40 - 2014-08-11 15:40 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
2014-08-11 15:40 - 2014-08-11 15:40 - 00000943 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-08-11 15:40 - 2014-08-11 15:40 - 00000000 ____D () C:\Program Files (x86)\Market Samurai
2014-08-11 14:01 - 2014-04-08 14:20 - 00000000 ____D () C:\Users\Jeff\Documents\QuickBooksAutoDataRecovery
2014-08-09 16:38 - 2014-03-17 06:26 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-09 16:38 - 2014-03-17 06:26 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-08 13:17 - 2014-04-08 14:17 - 00000422 _____ () C:\Users\Jeff\Documents\Action Outside LLC2.QBW.ND
2014-08-08 13:17 - 2014-04-08 14:17 - 00000386 _____ () C:\Users\Jeff\Documents\Action Outside LLC2.QBW.DSN
2014-08-08 10:33 - 2014-08-08 10:33 - 00000913 _____ () C:\Users\Jeff\Desktop\JRT.txt
2014-08-08 10:31 - 2014-03-12 21:10 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 10:28 - 2014-08-08 10:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 10:27 - 2014-03-12 21:07 - 00000000 __RDO () C:\Users\Jeff\SkyDrive
2014-08-08 10:26 - 2014-05-19 13:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 10:25 - 2014-03-12 23:31 - 00000375 _____ () C:\Windows\system32\conveyor-svc.log
2014-08-08 10:25 - 2014-03-12 21:15 - 00002807 _____ () C:\Windows\system32\GManager.ini
2014-08-08 10:25 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 10:24 - 2014-07-17 07:59 - 00181208 _____ () C:\Windows\PFRO.log
2014-08-08 10:24 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-08 10:23 - 2014-08-08 10:21 - 00000000 ____D () C:\AdwCleaner
2014-08-08 10:16 - 2014-08-08 10:16 - 01016261 _____ (Thisisu) C:\Users\Jeff\Downloads\JRT.exe
2014-08-08 10:15 - 2014-08-08 10:14 - 01475072 _____ () C:\Users\Jeff\Downloads\AdwCleaner.exe
2014-08-07 15:26 - 2014-03-17 03:56 - 00001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-07 14:53 - 2014-03-18 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-07 14:52 - 2014-08-07 14:52 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 14:52 - 2014-05-16 14:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-07 12:35 - 2014-04-25 12:31 - 00000000 ___RD () C:\Users\Jeff\Dropbox
2014-08-07 12:35 - 2014-03-17 06:27 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\Dropbox
2014-08-07 12:34 - 2014-03-17 06:29 - 00001026 _____ () C:\Users\Jeff\Desktop\Dropbox.lnk
2014-08-07 12:34 - 2014-03-17 06:28 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-05 09:55 - 2014-07-29 17:03 - 00024900 _____ () C:\Users\Jeff\Desktop\dds.txt
2014-08-05 09:55 - 2014-07-29 17:03 - 00007244 _____ () C:\Users\Jeff\Desktop\attach.txt
2014-08-04 12:36 - 2014-06-10 12:43 - 00000000 ____D () C:\Users\Jeff\Desktop\best tattoo information
2014-08-04 12:25 - 2014-08-04 11:35 - 00001515 _____ () C:\Windows\setupact.log
2014-08-04 12:25 - 2014-04-19 13:05 - 00089904 _____ () C:\Windows\system32\lvcoinst.log
2014-08-04 12:12 - 2014-04-08 14:24 - 00016927 _____ () C:\Users\Jeff\Documents\~qbofx32
2014-08-04 12:12 - 2014-04-08 14:24 - 00000103 _____ () C:\Users\Jeff\Documents\mkx04797.ini
2014-08-04 11:35 - 2014-08-04 11:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-04 10:21 - 2014-07-29 17:58 - 00949602 _____ () C:\Users\Jeff\Desktop\urlsForBlast.txt
2014-08-04 10:15 - 2014-08-04 10:15 - 00002967 _____ () C:\Users\Jeff\Downloads\tier_1_links.txt
2014-08-04 10:15 - 2014-08-04 10:15 - 00002407 _____ () C:\Users\Jeff\Downloads\tier_2_links_web_20.txt
2014-07-30 14:48 - 2014-03-17 05:51 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-07-30 14:28 - 2014-07-30 14:28 - 00158384 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-07-30 13:09 - 2014-04-07 23:51 - 00000000 ____D () C:\Users\Jeff\Desktop\hotfashionz
2014-07-30 12:18 - 2014-07-30 12:18 - 01523625 _____ () C:\Users\Jeff\Desktop\hotfashionlinks.txt
2014-07-30 12:18 - 2014-07-30 12:10 - 00000000 ____D () C:\Program Files (x86)\Xenu
2014-07-30 12:10 - 2014-07-30 12:10 - 00000963 _____ () C:\Users\QBDataServiceUser24\Desktop\Xenu.lnk
2014-07-30 12:10 - 2014-07-30 12:10 - 00000963 _____ () C:\Users\Jeff\Desktop\Xenu.lnk
2014-07-30 12:10 - 2014-07-30 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
2014-07-29 18:00 - 2014-07-29 18:00 - 00017381 _____ () C:\Users\Jeff\Desktop\alttagsforblast.txt
2014-07-29 16:58 - 2014-03-14 05:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 16:58 - 2014-03-14 05:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 16:58 - 2014-03-12 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 16:51 - 2014-07-02 10:25 - 00000000 ____D () C:\Users\Jeff\Desktop\Jeff 3X600
2014-07-29 16:48 - 2014-07-29 16:48 - 00688992 ____R (Swearware) C:\Users\Jeff\Downloads\dds.scr
2014-07-29 16:36 - 2014-07-29 16:36 - 00688992 _____ (Swearware) C:\Users\Jeff\Downloads\dds.com
2014-07-29 15:18 - 2014-07-29 15:18 - 40687396 _____ () C:\Users\Jeff\Downloads\scrapebox (2).zip
2014-07-29 15:17 - 2014-04-30 14:52 - 00000000 ____D () C:\Users\Jeff\Downloads\scrapebox
2014-07-29 14:29 - 2014-07-29 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 12:55 - 2014-08-07 14:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-07 14:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-07 14:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-07 14:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 14:00 - 2014-07-30 12:20 - 00022655 _____ () C:\Users\Jeff\Documents\Montana%20Rental%20Insurance.docx_0.odt
2014-07-24 10:24 - 2014-07-24 10:24 - 00514949 _____ () C:\Users\Jeff\Downloads\ACFrOgCloAHuGAfOyMFJmFqUBDsklRG8ihwkScQJKE7O1rSl8GG3g_W1YEaSkP47M9H3PWS7Ct4d2bXknUuETMLn_iQG8HlxDUS4hhnBZ56aC9B3N5vE5uyz5Hl37Xs=(1)
2014-07-24 10:23 - 2014-07-24 10:23 - 00514949 _____ () C:\Users\Jeff\Downloads\ACFrOgCloAHuGAfOyMFJmFqUBDsklRG8ihwkScQJKE7O1rSl8GG3g_W1YEaSkP47M9H3PWS7Ct4d2bXknUuETMLn_iQG8HlxDUS4hhnBZ56aC9B3N5vE5uyz5Hl37Xs=
2014-07-24 04:56 - 2014-03-14 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 16:32 - 2014-07-22 16:32 - 00011776 _____ (Nattyware) C:\Users\Jeff\Downloads\pixie(1).exe
2014-07-22 16:26 - 2014-07-22 16:19 - 00089051 _____ () C:\Users\Jeff\Downloads\styles.css
2014-07-20 17:24 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2014-07-17 08:00 - 2013-08-22 08:44 - 05864800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-17 07:58 - 2013-08-22 08:45 - 00000000 ____D () C:\Windows\Setup
2014-07-17 07:56 - 2013-08-22 15:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-17 07:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-17 07:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-17 07:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-17 07:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-17 07:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-07-17 07:50 - 2014-04-02 10:37 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\.purple

Some content of TEMP:
====================
C:\Users\Jeff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn3uzaq.dll
C:\Users\Jeff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdwrlm.dll
C:\Users\Jeff\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 14:40

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Jeff at 2014-08-16 14:30:56
Running from C:\Users\Jeff\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Design Standard (HKLM-x32\...\{53CF3920-648B-4F99-8D05-6A6C5298F57B}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{258B44E7-7E43-5DBF-387E-E5AFBC56B2C9}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{A96AE0D4-D0EB-7A10-4E1C-B62F0DCA3384}) (Version: 2.0.4835.37735 - Advanced Micro Devices, Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.8.0 - Telerik)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
HitLeap Viewer 2.8 (HKLM-x32\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
j5 USB DISPLAY ADAPTER 14.01.0226.3179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 14.01.0226.3179 - j5create)
Jaksta Converter (5.0.1.36) (HKLM-x32\...\Jaksta Converter) (Version: 5.0.1.36 - Jaksta Technologies)
Jaksta Media Recorder (5.0.1.36) (HKLM-x32\...\Jaksta Media Recorder) (Version: 5.0.1.36 - Jaksta Technologies)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Kinect for Windows Drivers v1.8 (HKLM\...\{AA62B868-5D5C-46CF-BA88-386BE71D4F87}) (Version: 1.8.0.595 - Microsoft Corporation)
Kinect for Windows Runtime v1.8 (HKLM\...\{2700FAD3-F82C-4ED1-862C-5F425B2A88E6}) (Version: 1.8.0.595 - Microsoft Corporation)
Kinect for Windows SDK v1.8 (HKLM\...\{6702DAC4-51E7-440C-8012-9C0AE9D524DB}) (Version: 1.8.0.595 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MakerWare_Bundle_of_Awesome_2.4.1.62_x64_BETA (HKLM-x32\...\MakerBot) (Version: 2.4.1.62 - MakerBot)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.33 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.33 - Alliance Software Pty Ltd) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1639.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (x32 Version: 4.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
OpenSCAD (remove only) (HKLM\...\OpenSCAD) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PerformanceTest v7.0 (64-bit) (HKLM\...\PerformanceTest 7_is1) (Version: 7.0 - Passmark Software)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1031.0 - Passmark Software)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Python 2.6 (HKLM-x32\...\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}) (Version: 2.6.150 - Python Software Foundation)
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4005.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ReconstructMe 2.0.199 (HKLM-x32\...\{706A860B-4334-44A4-84B2-64A04DC7154E}) (Version: 2.0.199 - Profactor GmbH)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Site-Auditor 2.48 (AIR) (HKLM-x32\...\com.adobe.example.site-auditor.ru.86A7ED49C239D23ED42BE5CE0F694DDE3F53F976.1) (Version: 2.48 - UNKNOWN)
Site-Auditor 2.48 (AIR) (x32 Version: 2.48 - UNKNOWN) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Update for Microsoft en-us Dictionary (Version: 16.1.961.1 - Microsoft Corporation) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSDC Free Video Editor version 2.1.6.133 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.6.133 - Flash-Integro LLC)
VZ_UpgradeMonitorTool (HKLM-x32\...\{C601F8DA-88F1-4380-A431-43072E095C95}) (Version: 1.3.2 - NEC CASIO Mobile Communications, Ltd.)
VZ_UpgradeTool (HKLM-x32\...\{F7086669-0FA1-4834-9C9C-978AC16848CD}) (Version: 1.3.1 - NEC CASIO Mobile Communications, Ltd.)
VZ-TL-PC (HKLM-x32\...\{9A25A804-4303-4787-B2DE-99AD745B1CBB}) (Version: 1.1.6 - NEC CASIO Mobile Communications, Ltd.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\883C04C33C70062A4AD0ED48685D05F25A854C1D) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\ABE36B9BBD00CD433A4454EBCAD52F303406A488) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.402) (HKLM\...\3C8B9891A89A64A0D43646719EC82184B33C4048) (Version: 10/24/2013 16.31.44.402 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\D6083E36A9821DF3D9DCA6F80AECCD3CD8411A75) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\E332B90FD0740040DF2D2CC1865C773283836BB6) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.434) (HKLM\...\72D0E03AD363F20E1A8A3FCBA6CDCEEB52988168) (Version: 10/24/2013 16.31.44.434 - MakerBot Industries, LLC)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445442653-2713545844-972804960-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

04-08-2014 02:27:00 Scheduled Checkpoint
07-08-2014 20:51:56 Installed Java 7 Update 67
14-08-2014 08:23:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {33160791-E32D-4551-89A3-C631EC8D39D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C57123A-6079-4A7B-AF9E-E532E011B885} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3CE2C2CF-34E9-40AE-8270-701D3DC7D30F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {45D8D982-5A41-457A-AFE0-20C6B174FFE2} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-05-15] ()
Task: {47EC6FC3-CA5F-4EBD-AC88-FC9A8E0DD809} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5464C317-A2B7-490D-A144-A3B64F560DBA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {62DD0874-9BA1-4573-BDA7-D0D44CEC689C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CFB4CA1-3A6B-4D18-8F52-C457E7408247} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {8E7CDC0C-3E56-4EEC-A6B0-69A2C1809F3F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B4F96112-3E00-444F-8C2F-CB07E6608459} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1445442653-2713545844-972804960-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {BAC3104D-5DD9-455C-ADCB-3B8207C9A5C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {CBA4D843-291C-456B-9509-208134C654D4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D9586D81-6ADB-4FB0-B0FE-8B7B8211E314} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC834BA3-5AE1-48A3-B198-CA56C6C02E5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {F708F79C-4C1F-4DF7-B824-3B8B8D88284B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FF855283-33AD-48DD-913F-F7A127979935} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jswenson@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-12 21:15 - 2012-08-28 15:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2013-11-11 18:49 - 2013-11-11 18:49 - 00111616 _____ () C:\Program Files\MakerBot\MakerWare\_ctypes.pyd
2013-11-11 18:49 - 2013-11-11 18:49 - 00047616 _____ () C:\Program Files\MakerBot\MakerWare\_socket.pyd
2013-11-11 18:49 - 2013-11-11 18:49 - 01210368 _____ () C:\Program Files\MakerBot\MakerWare\_ssl.pyd
2013-11-11 18:49 - 2013-11-11 18:49 - 00010752 _____ () C:\Program Files\MakerBot\MakerWare\select.pyd
2013-11-11 18:49 - 2013-11-11 18:49 - 00474624 _____ () C:\Program Files\MakerBot\MakerWare\_hashlib.pyd
2013-11-11 18:27 - 2013-11-11 18:27 - 02335232 _____ () C:\Program Files\MakerBot\MakerWare\vtkCommon.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 03068928 _____ () C:\Program Files\MakerBot\MakerWare\vtkFiltering.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 05128192 _____ () C:\Program Files\MakerBot\MakerWare\vtkGraphics.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 04228608 _____ () C:\Program Files\MakerBot\MakerWare\vtkIO.dll
2013-11-11 18:26 - 2013-11-11 18:26 - 02546688 _____ () C:\Program Files\MakerBot\MakerWare\opencv_core245.dll
2013-11-11 18:26 - 2013-11-11 18:26 - 00967168 _____ () C:\Program Files\MakerBot\MakerWare\opencv_calib3d245.dll
2013-11-11 18:26 - 2013-11-11 18:26 - 02207744 _____ () C:\Program Files\MakerBot\MakerWare\opencv_imgproc245.dll
2013-11-11 18:26 - 2013-11-11 18:26 - 02437632 _____ () C:\Program Files\MakerBot\MakerWare\opencv_highgui245.dll
2013-11-11 18:25 - 2013-11-11 18:25 - 00115712 _____ () C:\Program Files\MakerBot\MakerWare\boost_filesystem-vc110-mt-1_53.dll
2013-11-11 18:25 - 2013-11-11 18:25 - 00018944 _____ () C:\Program Files\MakerBot\MakerWare\boost_system-vc110-mt-1_53.dll
2013-11-11 18:25 - 2013-11-11 18:25 - 00097792 _____ () C:\Program Files\MakerBot\MakerWare\boost_thread-vc110-mt-1_53.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00244736 _____ () C:\Program Files\MakerBot\MakerWare\vtksys.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00160768 _____ () C:\Program Files\MakerBot\MakerWare\vtkverdict.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00116224 _____ () C:\Program Files\MakerBot\MakerWare\vtkDICOMParser.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00784384 _____ () C:\Program Files\MakerBot\MakerWare\vtkNetCDF.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00110080 _____ () C:\Program Files\MakerBot\MakerWare\vtkNetCDF_cxx.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00078848 _____ () C:\Program Files\MakerBot\MakerWare\LSDyna.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00567296 _____ () C:\Program Files\MakerBot\MakerWare\vtkmetaio.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00126976 _____ () C:\Program Files\MakerBot\MakerWare\vtkpng.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00065536 _____ () C:\Program Files\MakerBot\MakerWare\vtkzlib.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00140800 _____ () C:\Program Files\MakerBot\MakerWare\vtkjpeg.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00315904 _____ () C:\Program Files\MakerBot\MakerWare\vtktiff.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00127488 _____ () C:\Program Files\MakerBot\MakerWare\vtkexpat.dll
2013-11-11 18:26 - 2013-11-11 18:26 - 00642560 _____ () C:\Program Files\MakerBot\MakerWare\opencv_flann245.dll
2013-11-11 18:26 - 2013-11-11 18:26 - 00901120 _____ () C:\Program Files\MakerBot\MakerWare\opencv_features2d245.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 02135040 _____ () C:\Program Files\MakerBot\MakerWare\vtkhdf5.dll
2013-11-11 18:27 - 2013-11-11 18:27 - 00097280 _____ () C:\Program Files\MakerBot\MakerWare\vtkhdf5_hl.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00689664 _____ () C:\Program Files\MakerBot\MakerWare\unicodedata.pyd
2014-03-12 21:15 - 2011-05-03 19:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2014-05-01 13:29 - 2014-05-01 13:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-05-21 20:41 - 2012-05-21 20:41 - 00131072 _____ () C:\Program Files\Duplicati\LightDatamodel.dll
2012-05-21 20:41 - 2012-05-21 20:41 - 00931840 _____ () C:\Program Files\Duplicati\SQLite\win64\System.Data.SQLite.dll
2012-05-21 20:41 - 2012-05-21 20:41 - 00260608 _____ () C:\Program Files\Duplicati\AlphaFS.dll
2013-03-28 23:30 - 2013-03-28 23:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-03-28 11:03 - 2011-03-28 12:03 - 00050176 _____ () G:\programs\adobe\Adobe Photoshop CS5.1 (64 Bit)\QuickTimeGlue.dll
2014-08-11 15:40 - 2014-08-11 15:40 - 00225280 _____ () C:\Program Files (x86)\Market Samurai\Market Samurai.exe
2014-03-18 05:38 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-18 05:38 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-18 05:38 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-18 05:38 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-18 05:38 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-05-15 14:38 - 2014-05-15 14:38 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-05-15 14:38 - 2014-05-15 14:38 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-05-15 14:38 - 2014-05-15 14:39 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-05-15 14:38 - 2014-05-15 14:38 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-05-15 14:39 - 2014-05-15 14:39 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-05-15 14:38 - 2014-05-15 14:38 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-06-26 11:54 - 2014-06-26 11:54 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-06-26 11:53 - 2014-06-26 11:53 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-06-26 11:56 - 2014-06-26 11:56 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-06-26 11:56 - 2014-06-26 11:56 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-06-26 11:54 - 2014-06-26 11:54 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-06-26 11:56 - 2014-06-26 11:56 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2013-12-02 14:27 - 2013-12-02 14:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-06-26 11:54 - 2014-06-26 11:54 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-06-26 11:54 - 2014-06-26 11:54 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-06-26 11:55 - 2014-06-26 11:55 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2014-06-26 11:55 - 2014-06-26 11:55 - 00087368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll
2014-06-26 11:55 - 2014-06-26 11:55 - 00104264 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll
2014-06-26 11:57 - 2014-06-26 11:57 - 00501576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll
2014-06-26 11:56 - 2014-06-26 11:56 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll
2014-06-26 11:56 - 2014-06-26 11:56 - 00129352 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll
2014-06-26 11:57 - 2014-06-26 11:57 - 00115016 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll
2014-06-26 11:54 - 2014-06-26 11:54 - 00060232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-01-12 08:08 - 2011-01-12 08:08 - 00060416 _____ () C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll
2014-07-29 14:28 - 2014-07-29 14:28 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-10 12:53 - 2014-06-10 12:53 - 04792480 _____ () c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jeff\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "FDispPos"
HKLM\...\StartupApproved\Run: => "MCTDUtil"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Raptr"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "Messenger (Yahoo!)"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 06:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process ID: 0x1adc
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report ID: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (08/15/2014 02:25:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2014 02:21:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/14/2014 04:50:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process ID: 0x1990
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report ID: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (08/14/2014 02:32:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/14/2014 02:24:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/13/2014 08:20:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process ID: 0xc14
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report ID: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (08/13/2014 03:07:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process ID: 0x18c8
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report ID: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (08/12/2014 10:18:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program makerware.exe version 2.4.1.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12f4

Start Time: 01cfb5b4eb49e0ea

Termination Time: 23

Application Path: C:\Program Files\MakerBot\MakerWare\makerware.exe

Report Id: 503b1e07-223c-11e4-8292-902b349961e6

Faulting package full name:

Faulting package-relative application ID:

Error: (08/12/2014 05:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/15/2014 09:54:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/15/2014 09:43:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/14/2014 11:55:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/13/2014 03:30:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/12/2014 09:33:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/12/2014 04:21:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/11/2014 04:31:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QuickBooksDB24 service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2014 03:39:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/10/2014 05:41:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/10/2014 01:58:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.


Microsoft Office Sessions:
=========================
Error: (08/15/2014 06:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b34251adc01cfb8eb32abe36dC:\Users\Jeff\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dll71e8254c-24de-11e4-8292-902b349961e6

Error: (08/15/2014 02:25:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (08/15/2014 02:21:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (08/14/2014 04:50:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425199001cfb7ad9c4a372dC:\Users\Jeff\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dlldb9481d7-23a0-11e4-8292-902b349961e6

Error: (08/14/2014 02:32:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (08/14/2014 02:24:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/13/2014 08:20:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425c1401cfb701c076cfc4C:\Users\Jeff\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dllff78c5c6-22f4-11e4-8292-902b349961e6

Error: (08/13/2014 03:07:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342518c801cfb6d609c7813aC:\Users\Jeff\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dll48dc8ac9-22c9-11e4-8292-902b349961e6

Error: (08/12/2014 10:18:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: makerware.exe2.4.1.6212f401cfb5b4eb49e0ea23C:\Program Files\MakerBot\MakerWare\makerware.exe503b1e07-223c-11e4-8292-902b349961e6

Error: (08/12/2014 05:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe


CodeIntegrity Errors:
===================================
  Date: 2014-08-16 04:25:07.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 04:25:07.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 04:25:07.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-15 02:49:39.262
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-15 02:49:39.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-15 02:49:38.996
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-14 03:00:36.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-14 03:00:36.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-14 03:00:36.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 04:15:19.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Athlon™ II X4 640 Processor
Percentage of memory in use: 75%
Total physical RAM: 8189.55 MB
Available physical RAM: 1971.55 MB
Total Pagefile: 12797.55 MB
Available Pagefile: 3881.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.16 GB) (Free:9.12 GB) NTFS
Drive g: (Simplixity1) (Fixed) (Total:1397.26 GB) (Free:1001.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 0008DD04)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 3D653C31)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:51 AM

Posted 17 August 2014 - 06:03 AM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great!! At this time I would like you to update it and run me a threat scan.

1. On the Dashboard, click the 'Update Now >>' link
2. After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
3. If an update is available, click the Update Now button.
4. A Threat Scan will begin.
5. When the scan is complete, if there have been detections, click "Quarantine all" to allow MBAM to clean what was detected.
6. In most cases, a restart will be required.
7. Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1. After the restart, once you are back at your desktop, open MBAM once more.
2. Click on the History tab at the top
3. Click on the Application Logs at the left
4. Double click on the scan log which shows the date and time of the scan just performed.
5. Click 'Export'.
6. Click 'Text file (*.txt)'
7. In the Save File dialog box which appears, click on Desktop.
8. In the File name: box type a name for your scan log.
9. A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10. Click Ok
11. Attach that saved log to your next reply.


Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic

"information and logs"
  • In your next post I need the following
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 intrin


Posted 19 August 2014 - 07:14 PM

Will do this Friday.



#14 gringo_pr


Posted 20 August 2014 - 06:17 AM

I will look for you then


gringo

#15 gringo_pr


Posted 23 August 2014 - 08:04 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo



