
malware preventing change of internet proxy settings, cannot access internet


  • This topic is locked
14 replies to this topic

#1 SpreadableFruit


Posted 17 August 2014 - 04:55 PM

Background.

I recently installed some free software which came with some adware, and changed my browser settings (home page, default search engines.) After some work I was able to remove them, but now have encountered a new problem which I expect is also malware related.
 
Problem
When I direct my browsers to any website I get a message saying that there is no response from the proxy server. I have never used a proxy server for internet access and when I go into my Internet Properties>LAN Settings and un-check "Use a proxy Server for your LAN" and check "Automatically detect settings" the settings are not remembered and revert as soon as I close and re-open "LAN Settings" rendering my browsers useless.
 
Things I've Tried

  • Scans with:
    • Malwarebytes antimalware
    • Microsoft security essentials
    • Spybot Search and Destroy
    • CCleaner (cleaner and registry)
  • Using regedit to manually delete suspicious registry keys
  • The FRST fixlist here
  • The OTL fix here

 

Any help you can offer is appreciated. I am accessing the internet via a netbook and have been installing scanners to the infected PC via flash drive.

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by David at 14:42:47 on 2014-08-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8160.6775 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\pastaleads\PastaLeadsService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\System32\StikyNot.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
E:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [F.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
uRun: [DisplayFusion] "E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchiseasy.info/?pid=34&r=2013/09/01&hid=12621765294714844671&lg=EN&cc=US&unqvl=33&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-20 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2013-3-1 127216]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2013-3-1 2649840]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 pastaleadsServiceCore;PastaQuotes;C:\Program Files (x86)\pastaleads\PastaLeadsService.exe [2014-6-18 384408]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-2-17 65657]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-3-1 27136]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-1 168384]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-1 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-1 88832]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-1 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-1 1103392]
S2 SkypeUpdate;Skype Updater;E:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-15 1471352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-1 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2013-3-1 58472]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2013-3-1 32360]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2013-3-1 58472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-08-17 17:48:20 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B0D7759-05CF-4BFD-B974-901510BF0FF7}\mpengine.dll
2014-08-16 20:32:50 -------- d-----w- C:\FRST
2014-08-16 02:09:35 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-14 01:55:55 -------- d-----w- C:\Windows\Migration
2014-08-14 01:22:39 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 01:22:39 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 01:22:39 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 01:22:39 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 01:22:38 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 01:22:38 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 01:22:28 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 01:22:28 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 01:20:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 01:19:57 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-08-14 01:18:57 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 01:18:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-14 00:38:50 -------- d-----w- C:\_OTL
2014-08-14 00:36:03 -------- d-----w- C:\RegBackup
2014-08-14 00:35:20 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-08-13 04:15:57 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F74CD874-58ED-42FA-AABF-628CC6665BE7}\gapaengine.dll
2014-08-11 01:51:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-08-11 01:10:24 -------- d-----w- C:\ProgramData\pastaleads
2014-08-11 01:10:24 -------- d-----w- C:\Program Files (x86)\pastaleads
2014-08-11 01:10:17 -------- d-----w- C:\Program Files (x86)\focusbase
2014-08-11 01:09:50 -------- d-----w- C:\Program Files (x86)\YouTube Accelerator
2014-08-11 01:09:48 -------- d-----w- C:\ProgramData\SearchModule
2014-08-11 01:09:46 -------- d-----w- C:\Program Files\Common Files\Goobzo
2014-08-11 01:09:40 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2014-08-11 01:09:33 -------- d-----w- C:\Users\David\AppData\Local\CrashRpt
2014-08-11 00:46:18 -------- d-----w- C:\Program Files (x86)\Audacity
2014-08-10 17:03:27 -------- d-----w- C:\Program Files (x86)\Plex
2014-07-30 00:36:51 -------- d-----w- C:\Users\David\AppData\Roaming\uTorrent
2014-07-27 18:45:32 81384128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-07-27 18:45:32 5532368 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 18:45:32 5233848 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 18:45:32 26273464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 18:41:36 3633848 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-07-27 18:41:22 81384128 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-07-27 18:41:20 7501528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 18:41:20 7259328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 18:41:20 654512 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-07-27 18:41:20 36681400 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 18:41:18 197328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-07-20 23:51:42 -------- d-----w- C:\Program Files\iPod
2014-07-20 23:51:41 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 23:51:41 -------- d-----w- C:\Program Files\iTunes
2014-07-20 23:49:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-07-20 23:49:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-07-20 23:49:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-07-20 23:49:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-07-20 23:49:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-07-19 22:52:11 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-19 22:51:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-19 22:51:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-19 22:51:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
.
==================== Find3M  ====================
.
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:42:58.99 ===============
 

 


#2 HelpBot


Posted 22 August 2014 - 05:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544752 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 SpreadableFruit


Posted 24 August 2014 - 07:08 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by David at 17:04:01 on 2014-08-24
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8160.6559 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\pastaleads\PastaLeadsService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\StikyNot.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [F.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
uRun: [DisplayFusion] "E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchiseasy.info/?pid=34&r=2013/09/01&hid=12621765294714844671&lg=EN&cc=US&unqvl=33&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-20 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2013-3-1 127216]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2013-3-1 2649840]
R2 pastaleadsServiceCore;PastaQuotes;C:\Program Files (x86)\pastaleads\PastaLeadsService.exe [2014-6-18 384408]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-2-17 65657]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-3-1 27136]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-1 168384]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-1 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-1 88832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-1 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-1 1103392]
S2 SkypeUpdate;Skype Updater;E:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-15 1471352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-1 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2013-3-1 58472]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2013-3-1 32360]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2013-3-1 58472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-08-23 21:21:33 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2970EEA1-B08B-41F6-B59E-412DCFCDF7F4}\mpengine.dll
2014-08-22 04:23:19 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-20 03:25:16 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34916703-4F2F-4A73-894F-7AF570C60CFE}\gapaengine.dll
2014-08-18 01:14:26 642052 ----a-r- C:\Program Files (x86)\steam_api.dll
2014-08-18 01:11:36 -------- d-----w- C:\ProgramData\Steam
2014-08-18 01:07:12 -------- d-----w- C:\Program Files (x86)\Age of Empires II HD The Forgotten
2014-08-16 20:32:50 -------- d-----w- C:\FRST
2014-08-14 01:55:55 -------- d-----w- C:\Windows\Migration
2014-08-14 01:22:39 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 01:22:39 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 01:22:39 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 01:22:39 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 01:22:38 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 01:22:38 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 01:22:28 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 01:22:28 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 01:20:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 01:19:57 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-08-14 01:18:57 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 01:18:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-14 00:38:50 -------- d-----w- C:\_OTL
2014-08-14 00:36:03 -------- d-----w- C:\RegBackup
2014-08-14 00:35:20 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-08-11 01:51:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-08-11 01:10:24 -------- d-----w- C:\ProgramData\pastaleads
2014-08-11 01:10:24 -------- d-----w- C:\Program Files (x86)\pastaleads
2014-08-11 01:10:17 -------- d-----w- C:\Program Files (x86)\focusbase
2014-08-11 01:09:50 -------- d-----w- C:\Program Files (x86)\YouTube Accelerator
2014-08-11 01:09:48 -------- d-----w- C:\ProgramData\SearchModule
2014-08-11 01:09:46 -------- d-----w- C:\Program Files\Common Files\Goobzo
2014-08-11 01:09:40 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2014-08-11 01:09:33 -------- d-----w- C:\Users\David\AppData\Local\CrashRpt
2014-08-11 00:46:18 -------- d-----w- C:\Program Files (x86)\Audacity
2014-08-10 17:03:27 -------- d-----w- C:\Program Files (x86)\Plex
2014-07-30 00:36:51 -------- d-----w- C:\Users\David\AppData\Roaming\uTorrent
2014-07-27 18:45:32 81384128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-07-27 18:45:32 5532368 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 18:45:32 5233848 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 18:45:32 26273464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 18:41:36 3633848 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-07-27 18:41:22 81384128 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-07-27 18:41:20 7501528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 18:41:20 7259328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 18:41:20 654512 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-07-27 18:41:20 36681400 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 18:41:18 197328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
.
==================== Find3M  ====================
.
2014-08-13 04:10:45 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 17:04:12.08 ===============
 


#4 nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:16 PM

Posted 25 August 2014 - 08:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.
 
You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
<<<>>>
 
If still unable to connect to the internet with this computer:
Using a good computer, download these tools to a flash drive and copy them to the Desktop of the problem computer.
Run them as suggested.
 
===
 
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 SpreadableFruit

  • Topic Starter
  • Members
  • 19 posts
  • Local time:09:16 PM

Posted 26 August 2014 - 08:31 PM

    AdwCleaner

    # AdwCleaner v3.308 - Report created 26/08/2014 at 18:19:02
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : David - LEVIATHAN
    # Running from : C:\Users\David\Desktop\adwcleaner_3.308.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    Service Deleted : pastaleadsServiceCore
    [#] Service Deleted : SMUpdd
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\pastaleads
    Folder Deleted : C:\ProgramData\SearchModule
    Folder Deleted : C:\ProgramData\ssavEnshaare
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
    Folder Deleted : C:\Program Files (x86)\Flash Player Pro
    Folder Deleted : C:\Program Files (x86)\focusbase
    Folder Deleted : C:\Program Files (x86)\pastaleads
    Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
    Folder Deleted : C:\Users\David\AppData\LocalLow\Goobzo
    Folder Deleted : C:\Users\David\AppData\Roaming\SendSpace
    Folder Deleted : C:\Users\David\Documents\Flash Player Pro
    Folder Deleted : C:\Users\Public\Documents\Goobzo
    Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default\Extensions\0cgvxkak@sdbg-yeei.com
    File Deleted : C:\Users\Blaire\Desktop\YouTube Accelerator.lnk
    File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default\user.js
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Goobzo
    Key Deleted : HKLM\SOFTWARE\NpApp
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\SProtector
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pastaleads
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.16428
     
     
    -\\ Mozilla Firefox v20.0.1 (en-US)
     
    [ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default\prefs.js ]
     
    Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
    Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchiseasy.info/?pid=34&r=2013/09/01&hid=12621765294714844671&lg=EN&cc=US&unqvl=33&l=1&q=");
    Line Deleted : user_pref("browser.search.order.1", "WebSearch");
    Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
    Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
    Line Deleted : user_pref("extensions.SfRAv6Y.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
     
    -\\ Google Chrome v36.0.1985.125
     
    [ File : C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    [ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [5805 octets] - [26/08/2014 18:17:07]
    AdwCleaner[S0].txt - [5662 octets] - [26/08/2014 18:19:02]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5722 octets] ##########
     
     
    FRST output
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
    Ran by David (administrator) on LEVIATHAN on 26-08-2014 18:24:36
    Running from C:\Users\David\Desktop
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
    (Google Inc.) C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    (Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Farbar) C:\Users\David\Desktop\FRST64 (1).exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [F.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-01] (Google Inc.)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [DAEMON Tools Lite] => E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-21] ()
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [DisplayFusion] => E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Policies\Explorer: [] 
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\MountPoints2: F - F:\aocsetup.exe /autorun
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\MountPoints2: {05fabc8c-a9d7-11e2-bc50-94de800d9e4b} - F:\setup.exe
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\MountPoints2: {313a92d8-89b3-11e3-bdde-94de800d9e4b} - G:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\MountPoints2: {313a9420-89b3-11e3-bdde-94de800d9e4b} - G:\MotorolaDeviceManagerSetup.exe -a
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x920B98DCE016CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: [NameServer] 208.67.222.222,208.67.220.220
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe
     
    Chrome: 
    =======
    CHR HomePage: Default -> 
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-13]
    CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-13]
    CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-13]
    CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-13]
    CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-03]
    CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
    CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-13]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
    R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
    S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-20] (DT Soft Ltd)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1968-04-08] () [File not signed]
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    R3 ALSysIO; \??\C:\Users\David\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-08-26 18:24 - 2014-08-26 18:20 - 02103296 _____ (Farbar) C:\Users\David\Desktop\FRST64 (1).exe
    2014-08-26 18:21 - 2014-08-26 18:21 - 00005858 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
    2014-08-26 18:18 - 2014-08-26 18:18 - 00005805 _____ () C:\Users\David\Desktop\AdwCleaner[R0].txt
    2014-08-26 18:16 - 2014-08-26 18:19 - 00000000 ____D () C:\AdwCleaner
    2014-08-26 18:14 - 2014-08-26 18:12 - 01364531 _____ () C:\Users\David\Desktop\adwcleaner_3.308.exe
    2014-08-17 18:18 - 2014-08-17 18:18 - 00000970 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD The Forgotten.lnk
    2014-08-17 18:18 - 2014-08-17 18:18 - 00000958 _____ () C:\Users\Public\Desktop\Age of Empires II HD The Forgotten.lnk
    2014-08-17 18:14 - 2013-11-07 11:32 - 00002100 ____R () C:\Program Files (x86)\steam_api.ini
    2014-08-17 18:14 - 2013-11-07 11:31 - 00642052 ____R () C:\Program Files (x86)\steam_api.dll
    2014-08-17 18:11 - 2014-08-17 18:11 - 00000000 ____D () C:\ProgramData\Steam
    2014-08-17 18:07 - 2014-08-24 16:13 - 00000000 ____D () C:\Program Files (x86)\Age of Empires II HD The Forgotten
    2014-08-17 18:06 - 2014-08-17 18:06 - 00000000 ____D () C:\Users\David\Desktop\Age.of.Empires.II.HD.The.Forgotten-RELOADED
    2014-08-17 14:43 - 2014-08-24 17:05 - 00053302 _____ () C:\Users\David\Desktop\attach.txt
    2014-08-17 14:43 - 2014-08-24 17:05 - 00022331 _____ () C:\Users\David\Desktop\dds.txt
    2014-08-17 14:42 - 2014-08-17 14:41 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com
    2014-08-16 17:15 - 2014-08-16 17:15 - 00000000 ____D () C:\Users\David\Desktop\Aladdin.1992.1080p.BluRay.x264.anoXmous
    2014-08-16 13:33 - 2014-08-26 18:24 - 00017469 _____ () C:\Users\David\Desktop\FRST.txt
    2014-08-16 13:33 - 2014-08-16 13:34 - 00059409 _____ () C:\Users\David\Desktop\Addition.txt
    2014-08-16 13:32 - 2014-08-26 18:24 - 00000000 ____D () C:\FRST
    2014-08-16 13:32 - 2014-08-16 13:31 - 02101760 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-08-16 12:45 - 2014-08-16 12:40 - 00244120 _____ () C:\Users\David\Desktop\Firefox Setup Stub 31.0.exe
    2014-08-13 19:29 - 2014-08-26 18:20 - 00203306 _____ () C:\Windows\PFRO.log
    2014-08-13 18:54 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2014-08-13 18:51 - 2014-08-13 18:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-13 18:51 - 2014-08-13 18:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-13 18:51 - 2014-08-13 18:51 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-13 18:51 - 2014-08-13 18:51 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-13 18:51 - 2014-08-13 18:51 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-08-13 18:51 - 2014-08-13 18:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-08-13 18:51 - 2014-08-13 18:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-08-13 18:51 - 2014-08-13 18:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-08-13 18:51 - 2014-08-13 18:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-08-13 18:51 - 2014-08-13 18:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-08-13 18:51 - 2014-08-13 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-13 18:50 - 2014-08-13 18:54 - 00007948 _____ () C:\Windows\IE11_main.log
    2014-08-13 18:22 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-13 18:22 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-08-13 18:22 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-08-13 18:22 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-13 18:22 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-13 18:22 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-13 18:22 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-08-13 18:22 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-08-13 18:21 - 2014-08-13 18:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-13 18:21 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-08-13 18:21 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-08-13 18:21 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-08-13 18:21 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-08-13 18:21 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-08-13 18:21 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-08-13 18:21 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-08-13 18:21 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-08-13 18:21 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-08-13 18:21 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-08-13 18:21 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-08-13 18:20 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-13 18:20 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-08-13 18:20 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-08-13 18:20 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-08-13 18:20 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-08-13 18:20 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-08-13 18:20 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-08-13 18:20 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-08-13 18:20 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-08-13 18:20 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-08-13 18:20 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-08-13 18:20 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-08-13 18:20 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-08-13 18:20 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-08-13 18:20 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-08-13 18:20 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-08-13 18:20 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-13 18:20 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-13 18:20 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-13 18:20 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-13 18:20 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-08-13 18:20 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-08-13 18:20 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-08-13 18:20 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-08-13 18:20 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-08-13 18:19 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-13 18:19 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-08-13 18:19 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-08-13 18:19 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-08-13 18:19 - 2014-05-08 02:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-08-13 18:19 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-08-13 18:19 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-08-13 18:19 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-08-13 18:19 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-08-13 18:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-08-13 18:19 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-08-13 18:19 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-08-13 18:19 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-08-13 18:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-08-13 18:19 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-08-13 18:18 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-13 18:18 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-13 18:17 - 2014-07-15 20:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-13 18:17 - 2014-07-15 19:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-13 18:17 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-13 18:17 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-13 18:17 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-08-13 18:17 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-13 18:17 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-08-13 18:17 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-08-13 18:17 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-08-13 18:17 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-08-13 18:17 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-08-13 18:17 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-08-13 18:17 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-08-13 18:17 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-08-13 18:17 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-08-13 18:17 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-08-13 18:17 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-08-13 18:17 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-08-13 18:17 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-08-13 18:17 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-08-13 18:17 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-08-13 18:17 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-08-13 18:17 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-08-13 18:17 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-08-13 18:17 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-08-13 18:17 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-08-13 18:17 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-08-13 18:17 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-08-13 18:17 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-08-13 18:17 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-08-13 18:17 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-08-13 18:17 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-08-13 18:17 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-08-13 18:17 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-08-13 18:17 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-08-13 17:47 - 2014-08-13 17:47 - 00098576 _____ () C:\Users\David\Desktop\Extras.Txt
    2014-08-13 17:46 - 2014-08-13 17:46 - 00237036 _____ () C:\Users\David\Desktop\OTL.Txt
    2014-08-13 17:38 - 2014-08-13 17:38 - 00000000 ____D () C:\_OTL
    2014-08-13 17:38 - 2014-08-13 17:37 - 00002245 _____ () C:\Users\David\Desktop\New Text Document.txt
    2014-08-13 17:36 - 2014-08-13 17:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEVIATHAN-Microsoft-Windows-7-Ultimate-(64-bit).dat
    2014-08-13 17:36 - 2014-08-13 17:36 - 00000000 ____D () C:\RegBackup
    2014-08-13 17:35 - 2014-08-13 17:35 - 00002231 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-13 17:35 - 2014-08-13 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-13 17:35 - 2014-08-13 17:35 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-08-13 17:34 - 2014-08-13 17:33 - 04057608 _____ () C:\Users\David\Desktop\tweaking.com_registry_backup_setup.exe
    2014-08-13 17:33 - 2014-08-13 17:29 - 00602112 _____ (OldTimer Tools) C:\Users\David\Desktop\OTL.exe
    2014-08-13 17:13 - 2014-08-26 18:20 - 00001288 _____ () C:\Windows\setupact.log
    2014-08-12 21:35 - 2014-08-12 21:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-10 18:51 - 2014-08-10 18:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\David\Downloads\revosetup.exe
    2014-08-10 18:51 - 2014-08-10 18:51 - 00001260 _____ () C:\Users\David\Desktop\Revo Uninstaller.lnk
    2014-08-10 18:51 - 2014-08-10 18:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-10 18:11 - 2014-08-10 18:11 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
    2014-08-10 18:10 - 2014-08-10 19:13 - 00000000 ____D () C:\ProgramData\TEMP
    2014-08-10 18:10 - 2014-08-10 18:10 - 00003448 _____ () C:\Windows\System32\Tasks\YTAUpdate
    2014-08-10 18:10 - 2014-08-10 18:10 - 00003262 _____ () C:\Windows\System32\Tasks\YTAUpdate_logon
    2014-08-10 18:09 - 2014-08-10 18:35 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
    2014-08-10 18:09 - 2014-08-10 18:09 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
    2014-08-10 18:09 - 2014-08-10 18:09 - 00000000 ____D () C:\Users\David\AppData\Local\CrashRpt
    2014-08-10 18:08 - 2014-08-10 18:08 - 00699016 _____ (CNET Download.com) C:\Users\David\Downloads\cbsidlm-cbsi213-Free_WMA_to_WAV_Converter-SEO-76116064.exe
    2014-08-10 17:46 - 2014-08-10 18:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\Audacity
    2014-08-10 17:46 - 2014-08-10 17:46 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2014-08-10 17:46 - 2014-08-10 17:46 - 00000000 ____D () C:\Program Files (x86)\Audacity
    2014-08-10 17:45 - 2014-08-10 17:45 - 22180353 _____ (Audacity Team ) C:\Users\David\Downloads\audacity-win-2.0.5.exe
    2014-08-10 13:17 - 2014-08-10 18:26 - 00000000 ____D () C:\Users\David\Desktop\Water Weed Repeat
    2014-08-10 13:00 - 2014-08-10 13:01 - 06004615 _____ (Tim Kosse) C:\Users\David\Downloads\FileZilla_3.9.0.2_win32-setup.exe
    2014-08-10 10:03 - 2014-08-10 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2014-08-10 10:03 - 2014-08-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Plex
    2014-08-10 09:32 - 2014-08-10 09:33 - 62222680 _____ (Plex, Inc.) C:\Users\David\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
    2014-08-07 18:13 - 2014-08-07 18:51 - 00000000 ____D () C:\Users\David\Desktop\BBC LIFE
    2014-08-07 17:57 - 2014-08-07 18:12 - 00000000 ____D () C:\Users\David\Desktop\Portlandia Season 4 (720p)
    2014-08-07 17:56 - 2014-08-07 17:56 - 00000074 _____ () C:\Users\David\Desktop\Fennel.xml
    2014-08-03 14:05 - 2014-08-03 14:07 - 00000000 ____D () C:\Users\David\Desktop\GREWords
    2014-08-03 10:51 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-03 10:51 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-03 10:51 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-08-03 10:51 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-03 10:51 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-03 10:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-08-03 10:51 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-08-03 10:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-07-29 17:36 - 2014-08-10 19:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
    2014-07-28 05:56 - 2014-07-28 05:56 - 05981830 _____ (Tim Kosse) C:\Users\David\Downloads\FileZilla_3.9.0.1_win32-setup.exe
    2014-07-27 16:11 - 2014-07-27 19:57 - 00146524 _____ () C:\Users\David\Desktop\Graduate School Timeline.pptx
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-08-26 18:24 - 2014-08-16 13:33 - 00017469 _____ () C:\Users\David\Desktop\FRST.txt
    2014-08-26 18:24 - 2014-08-16 13:32 - 00000000 ____D () C:\FRST
    2014-08-26 18:24 - 2013-04-21 20:59 - 00000000 ____D () C:\Users\David\AppData\Local\PMB Files
    2014-08-26 18:21 - 2014-08-26 18:21 - 00005858 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
    2014-08-26 18:21 - 2013-06-14 13:53 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
    2014-08-26 18:20 - 2014-08-26 18:24 - 02103296 _____ (Farbar) C:\Users\David\Desktop\FRST64 (1).exe
    2014-08-26 18:20 - 2014-08-13 19:29 - 00203306 _____ () C:\Windows\PFRO.log
    2014-08-26 18:20 - 2014-08-13 17:13 - 00001288 _____ () C:\Windows\setupact.log
    2014-08-26 18:20 - 2014-02-17 11:32 - 00000000 ____D () C:\Temp
    2014-08-26 18:20 - 2013-07-19 18:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-08-26 18:20 - 2013-05-11 16:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-26 18:20 - 2013-03-03 15:14 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
    2014-08-26 18:20 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-26 18:19 - 2014-08-26 18:16 - 00000000 ____D () C:\AdwCleaner
    2014-08-26 18:19 - 2013-04-23 22:20 - 01404759 _____ () C:\Windows\WindowsUpdate.log
    2014-08-26 18:18 - 2014-08-26 18:18 - 00005805 _____ () C:\Users\David\Desktop\AdwCleaner[R0].txt
    2014-08-26 18:17 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-26 18:14 - 2014-05-31 15:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\DisplayFusion
    2014-08-26 18:13 - 2013-03-01 15:53 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-26 18:12 - 2014-08-26 18:14 - 01364531 _____ () C:\Users\David\Desktop\adwcleaner_3.308.exe
    2014-08-26 18:12 - 2013-04-12 22:01 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA.job
    2014-08-25 18:31 - 2009-07-13 21:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-25 18:31 - 2009-07-13 21:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-25 18:26 - 2009-07-13 21:45 - 05059920 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-24 18:02 - 2013-03-03 15:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
    2014-08-24 17:05 - 2014-08-17 14:43 - 00053302 _____ () C:\Users\David\Desktop\attach.txt
    2014-08-24 17:05 - 2014-08-17 14:43 - 00022331 _____ () C:\Users\David\Desktop\dds.txt
    2014-08-24 16:13 - 2014-08-17 18:07 - 00000000 ____D () C:\Program Files (x86)\Age of Empires II HD The Forgotten
    2014-08-24 09:48 - 2013-04-12 22:01 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core.job
    2014-08-17 18:18 - 2014-08-17 18:18 - 00000970 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD The Forgotten.lnk
    2014-08-17 18:18 - 2014-08-17 18:18 - 00000958 _____ () C:\Users\Public\Desktop\Age of Empires II HD The Forgotten.lnk
    2014-08-17 18:11 - 2014-08-17 18:11 - 00000000 ____D () C:\ProgramData\Steam
    2014-08-17 18:06 - 2014-08-17 18:06 - 00000000 ____D () C:\Users\David\Desktop\Age.of.Empires.II.HD.The.Forgotten-RELOADED
    2014-08-17 18:06 - 2013-03-01 18:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\DAEMON Tools Lite
    2014-08-17 17:49 - 2013-03-17 16:30 - 00000000 ____D () C:\Users\David\AppData\Roaming\FileZilla
    2014-08-17 14:41 - 2014-08-17 14:42 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com
    2014-08-16 17:15 - 2014-08-16 17:15 - 00000000 ____D () C:\Users\David\Desktop\Aladdin.1992.1080p.BluRay.x264.anoXmous
    2014-08-16 13:35 - 2013-07-12 15:12 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2014-08-16 13:34 - 2014-08-16 13:33 - 00059409 _____ () C:\Users\David\Desktop\Addition.txt
    2014-08-16 13:34 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-08-16 13:31 - 2014-08-16 13:32 - 02101760 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-08-16 12:40 - 2014-08-16 12:45 - 00244120 _____ () C:\Users\David\Desktop\Firefox Setup Stub 31.0.exe
    2014-08-14 18:49 - 2013-03-01 15:52 - 00112288 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-14 18:49 - 2013-03-01 15:40 - 00001409 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-08-13 20:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-13 19:30 - 2013-03-02 07:18 - 00000000 ____D () C:\Windows\Panther
    2014-08-13 19:29 - 2013-10-01 01:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-08-13 19:29 - 2013-10-01 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-08-13 19:28 - 2009-07-14 00:46 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-08-13 19:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-08-13 19:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-08-13 19:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-13 18:58 - 2013-03-01 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-13 18:56 - 2013-06-14 14:01 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-08-13 18:54 - 2014-08-13 18:50 - 00007948 _____ () C:\Windows\IE11_main.log
    2014-08-13 18:51 - 2014-08-13 18:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-13 18:51 - 2014-08-13 18:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-13 18:51 - 2014-08-13 18:51 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-13 18:51 - 2014-08-13 18:51 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-13 18:51 - 2014-08-13 18:51 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-08-13 18:51 - 2014-08-13 18:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-08-13 18:51 - 2014-08-13 18:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-08-13 18:51 - 2014-08-13 18:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-08-13 18:51 - 2014-08-13 18:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-08-13 18:51 - 2014-08-13 18:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-08-13 18:51 - 2014-08-13 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-08-13 18:51 - 2014-08-13 18:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-08-13 18:51 - 2014-08-13 18:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-13 18:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-08-13 18:50 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
    2014-08-13 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-08-13 18:40 - 2013-03-18 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-08-13 18:39 - 2013-03-03 15:06 - 00000000 ____D () C:\ProgramData\Skype
    2014-08-13 18:36 - 2013-07-13 13:50 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-13 18:32 - 2013-03-01 17:46 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-08-13 18:32 - 2013-03-01 17:46 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-13 18:32 - 2013-03-01 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-08-13 18:32 - 2013-03-01 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-08-13 18:27 - 2013-10-01 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-08-13 18:21 - 2014-08-13 18:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-13 17:47 - 2014-08-13 17:47 - 00098576 _____ () C:\Users\David\Desktop\Extras.Txt
    2014-08-13 17:46 - 2014-08-13 17:46 - 00237036 _____ () C:\Users\David\Desktop\OTL.Txt
    2014-08-13 17:38 - 2014-08-13 17:38 - 00000000 ____D () C:\_OTL
    2014-08-13 17:37 - 2014-08-13 17:38 - 00002245 _____ () C:\Users\David\Desktop\New Text Document.txt
    2014-08-13 17:36 - 2014-08-13 17:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEVIATHAN-Microsoft-Windows-7-Ultimate-(64-bit).dat
    2014-08-13 17:36 - 2014-08-13 17:36 - 00000000 ____D () C:\RegBackup
    2014-08-13 17:35 - 2014-08-13 17:35 - 00002231 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-13 17:35 - 2014-08-13 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-13 17:35 - 2014-08-13 17:35 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-08-13 17:33 - 2014-08-13 17:34 - 04057608 _____ () C:\Users\David\Desktop\tweaking.com_registry_backup_setup.exe
    2014-08-13 17:29 - 2014-08-13 17:33 - 00602112 _____ (OldTimer Tools) C:\Users\David\Desktop\OTL.exe
    2014-08-12 21:35 - 2014-08-12 21:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-12 21:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-08-12 21:10 - 2014-07-19 15:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-10 19:13 - 2014-08-10 18:10 - 00000000 ____D () C:\ProgramData\TEMP
    2014-08-10 19:13 - 2014-07-29 17:36 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
    2014-08-10 19:13 - 2013-04-10 18:40 - 00000000 ____D () C:\Windows\Minidump
    2014-08-10 18:51 - 2014-08-10 18:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\David\Downloads\revosetup.exe
    2014-08-10 18:51 - 2014-08-10 18:51 - 00001260 _____ () C:\Users\David\Desktop\Revo Uninstaller.lnk
    2014-08-10 18:51 - 2014-08-10 18:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-10 18:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Globalization
    2014-08-10 18:35 - 2014-08-10 18:09 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
    2014-08-10 18:35 - 2013-05-09 19:52 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-08-10 18:26 - 2014-08-10 13:17 - 00000000 ____D () C:\Users\David\Desktop\Water Weed Repeat
    2014-08-10 18:24 - 2014-08-10 17:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\Audacity
    2014-08-10 18:11 - 2014-08-10 18:11 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
    2014-08-10 18:10 - 2014-08-10 18:10 - 00003448 _____ () C:\Windows\System32\Tasks\YTAUpdate
    2014-08-10 18:10 - 2014-08-10 18:10 - 00003262 _____ () C:\Windows\System32\Tasks\YTAUpdate_logon
    2014-08-10 18:09 - 2014-08-10 18:09 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
    2014-08-10 18:09 - 2014-08-10 18:09 - 00000000 ____D () C:\Users\David\AppData\Local\CrashRpt
    2014-08-10 18:08 - 2014-08-10 18:08 - 00699016 _____ (CNET Download.com) C:\Users\David\Downloads\cbsidlm-cbsi213-Free_WMA_to_WAV_Converter-SEO-76116064.exe
    2014-08-10 17:46 - 2014-08-10 17:46 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2014-08-10 17:46 - 2014-08-10 17:46 - 00000000 ____D () C:\Program Files (x86)\Audacity
    2014-08-10 17:45 - 2014-08-10 17:45 - 22180353 _____ (Audacity Team ) C:\Users\David\Downloads\audacity-win-2.0.5.exe
    2014-08-10 13:01 - 2014-08-10 13:00 - 06004615 _____ (Tim Kosse) C:\Users\David\Downloads\FileZilla_3.9.0.2_win32-setup.exe
    2014-08-10 13:00 - 2013-04-21 20:59 - 00000000 ____D () C:\ProgramData\PMB Files
    2014-08-10 10:06 - 2013-03-03 20:11 - 00000072 _____ () C:\Users\Public\LMDebug.log
    2014-08-10 10:03 - 2014-08-10 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2014-08-10 10:03 - 2014-08-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Plex
    2014-08-10 10:03 - 2013-12-24 10:35 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-08-10 09:33 - 2014-08-10 09:32 - 62222680 _____ (Plex, Inc.) C:\Users\David\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
    2014-08-07 18:51 - 2014-08-07 18:13 - 00000000 ____D () C:\Users\David\Desktop\BBC LIFE
    2014-08-07 18:15 - 2013-04-17 09:11 - 00000600 _____ () C:\Users\David\AppData\Local\PUTTY.RND
    2014-08-07 18:12 - 2014-08-07 17:57 - 00000000 ____D () C:\Users\David\Desktop\Portlandia Season 4 (720p)
    2014-08-07 17:56 - 2014-08-07 17:56 - 00000074 _____ () C:\Users\David\Desktop\Fennel.xml
    2014-08-06 19:06 - 2014-08-13 18:18 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-06 19:01 - 2014-08-13 18:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-03 14:23 - 2013-03-12 18:52 - 00000000 ____D () C:\Users\David\AppData\Roaming\CodeBlocks
    2014-08-03 14:07 - 2014-08-03 14:05 - 00000000 ____D () C:\Users\David\Desktop\GREWords
    2014-07-31 23:41 - 2013-03-01 16:45 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-28 05:56 - 2014-07-28 05:56 - 05981830 _____ (Tim Kosse) C:\Users\David\Downloads\FileZilla_3.9.0.1_win32-setup.exe
    2014-07-27 19:57 - 2014-07-27 16:11 - 00146524 _____ () C:\Users\David\Desktop\Graduate School Timeline.pptx
    2014-07-27 17:29 - 2014-07-20 13:44 - 00000000 ____D () C:\Users\David\Desktop\Tattoo
     
    Files to move or delete:
    ====================
    C:\Users\David\jagex_cl_runescape_LIVE.dat
    C:\Users\David\random.dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\David\AppData\Local\Temp\Quarantine.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-08-17 11:18
     
    ==================== End Of Log ============================
     


    #6 nasdaq

    • Malware Response Team

    Posted 27 August 2014 - 08:56 AM


    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [AdobeBridge] => [X]
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    R3 ALSysIO; \??\C:\Users\David\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    
    End
    
    Save the file as fixlist.txt in the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/
    ===

    How is the computer running now?

    #7 SpreadableFruit

    • Topic Starter

    Posted 27 August 2014 - 08:39 PM

    Still the same problems.

     

    Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
    Ran by David at 2014-08-27 18:31:42 Run:2
    Running from C:\Users\David\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [AdobeBridge] => [X]
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    R3 ALSysIO; \??\C:\Users\David\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
     
    End
    *****************
     
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
    HKU\S-1-5-21-1448738595-64493416-255540935-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    ALSysIO => Service stopped successfully.
    ALSysIO => Service deleted successfully.
    gdrv => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
     
    ==== End of Fixlog ====
     
    checkup.txt:

     Results of screen317's Security Check version 0.99.87  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Microsoft Security Essentials   
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:````````` 
     Spybot - Search & Destroy 
     Adobe Reader XI  
     Mozilla Firefox 20.0.1 Firefox out of Date!  
     Google Chrome 35.0.1916.153  
     Google Chrome 36.0.1985.125  
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe 
     Microsoft Security Essentials msseces.exe 
     Spybot Teatimer.exe is disabled! 
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log`````````````````````` 
     
     
    Thanks!


    #8 nasdaq

    • Malware Response Team

    Posted 28 August 2014 - 07:22 AM

    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    IMPORTANT....

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Do not install any other programs until this is fixed.


    How to: Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html

    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt
    Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.


    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
    ==============

    #9 SpreadableFruit

    • Topic Starter

    Posted 28 August 2014 - 07:47 PM

    ComboFix Log:

     

    ComboFix 14-08-28.01 - David 08/28/2014  17:40:40.1.8 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8160.6471 [GMT -7:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\David\AppData\Roaming\PinkVisual_EN_signed.exe
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-29  )))))))))))))))))))))))))))))))
    .
    .
    2014-08-29 00:43 . 2014-08-29 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-29 00:43 . 2014-08-29 00:43 -------- d-----w- c:\users\Blaire\AppData\Local\temp
    2014-08-28 14:35 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D04B80D2-769C-4E11-936B-887A12A6B397}\mpengine.dll
    2014-08-27 01:45 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-27 01:16 . 2014-08-27 01:19 -------- d-----w- C:\AdwCleaner
    2014-08-20 03:25 . 2014-08-20 03:24 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34916703-4F2F-4A73-894F-7AF570C60CFE}\gapaengine.dll
    2014-08-18 01:14 . 2013-11-07 18:31 642052 ----a-r- c:\program files (x86)\steam_api.dll
    2014-08-18 01:11 . 2014-08-18 01:11 -------- d-----w- c:\programdata\Steam
    2014-08-18 01:07 . 2014-08-28 02:57 -------- d-----w- c:\program files (x86)\Age of Empires II HD The Forgotten
    2014-08-16 20:32 . 2014-08-28 01:31 -------- d-----w- C:\FRST
    2014-08-14 01:55 . 2014-08-14 01:55 -------- d-----w- c:\windows\Migration
    2014-08-14 01:54 . 2013-10-15 01:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2014-08-14 01:48 . 2014-08-14 01:48 -------- d-----w- c:\program files\Microsoft.NET
    2014-08-14 01:22 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-14 01:22 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-14 01:22 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2014-08-14 01:22 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2014-08-14 01:22 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-14 01:22 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-08-14 01:22 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2014-08-14 01:22 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-14 01:20 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-14 01:19 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2014-08-14 01:18 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
    2014-08-14 01:18 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-14 00:38 . 2014-08-14 00:38 -------- d-----w- C:\_OTL
    2014-08-14 00:36 . 2014-08-14 00:36 -------- d-----w- C:\RegBackup
    2014-08-14 00:35 . 2014-08-14 00:35 -------- d-----w- c:\program files (x86)\Tweaking.com
    2014-08-11 01:51 . 2014-08-11 01:51 -------- d-----w- c:\program files (x86)\VS Revo Group
    2014-08-11 01:09 . 2014-08-11 01:35 -------- d-----w- c:\program files\Common Files\Goobzo
    2014-08-11 01:09 . 2014-08-11 01:09 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
    2014-08-11 01:09 . 2014-08-11 01:09 -------- d-----w- c:\users\David\AppData\Local\CrashRpt
    2014-08-11 00:46 . 2014-08-11 01:24 -------- d-----w- c:\users\David\AppData\Roaming\Audacity
    2014-08-11 00:46 . 2014-08-11 00:46 -------- d-----w- c:\program files (x86)\Audacity
    2014-08-10 17:03 . 2014-08-10 17:03 -------- d-----w- c:\program files (x86)\Plex
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-13 04:10 . 2014-07-19 22:52 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-01 06:41 . 2013-03-01 23:45 99218768 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-07-27 18:45 1730256 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-07-27 18:45 1730256 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-07-27 18:45 1730256 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "F.lux"="c:\users\David\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
    "DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-22 4288048]
    "Akamai NetSession Interface"="c:\users\David\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
    "DisplayFusion"="e:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
    "Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2014-08-02 4525192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
    "iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe;e:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 bckd;bckd;c:\windows\system32\drivers\bckd.sys;c:\windows\SYSNATIVE\drivers\bckd.sys [x]
    S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [x]
    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S3 ALSysIO;ALSysIO;c:\users\David\AppData\Local\Temp\ALSysIO64.sys;c:\users\David\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-07-19 16:17 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-01 22:53]
    .
    2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-01 22:53]
    .
    2014-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-13 22:53]
    .
    2014-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-13 22:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-07-27 18:41 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-07-27 18:41 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-07-27 18:41 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>;192.168.*.*
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
    Trusted Zone: samsungsetup.com\www
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: NameServer = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Flash Player Pro_is1 - c:\program files (x86)\Flash Player Pro\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-08-28  17:45:12
    ComboFix-quarantined-files.txt  2014-08-29 00:45
    .
    Pre-Run: 16,266,063,872 bytes free
    Post-Run: 15,649,107,968 bytes free
    .
    - - End Of File - - AA251E00BEA891F8431CC5C363313E36
    A36C5E4F47E84449FF07ED3517B43A31


    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 38,242 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:11:16 PM

    Posted 29 August 2014 - 07:25 AM

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    If your operating system is 64 bit download this tool:
    SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy and paste the content of the following bold text into the main textfield:
      :reg
      HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings /sub
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    • Note: The log can also be found on your Desktop entitled SystemLook.txt.


    #11 SpreadableFruit


    Posted 29 August 2014 - 07:05 PM

    SystemLook.txt:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:04 on 29/08/2014 by David
    Administrator - Elevation successful
     
    ========== reg ==========
     
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxySettingsPerUser"= 0x0000000000 (0)
     
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
    (No values found)
     
     
    -= EOF =-


    #12 nasdaq


    Posted 30 August 2014 - 06:56 AM


    ; Purpose: Remove traces in the registry.
    ;
    ; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
    ;
    ; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxySettingsPerUser"=-



    ; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

    On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

    Restart the computer normally.

    Delete the Fix.reg file when done.

    How is it now?
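
One way to automate the check that posts #10 to #12 carry out by hand, as an added example that is not part of the original thread: it parses a SystemLook `:reg` log and flags `ProxySettingsPerUser` = 0 under the HKLM Policies key, the setting that makes Windows apply machine-wide proxy settings so that changes made in the per-user LAN Settings dialog do not stick. The sample log is constructed in the layout of the output above, and the function names are hypothetical.

```python
import re

# Constructed sample, laid out like the SystemLook ":reg" log in post #11.
SAMPLE_LOG = r'''========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxySettingsPerUser"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
(No values found)
-= EOF =-
'''

# Registry paths are case-insensitive, so compare in lower case.
POLICY_KEY = (r"hkey_local_machine\software\policies\microsoft\windows"
              r"\currentversion\internet settings")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
DWORD_RE = re.compile(r"^0x[0-9A-Fa-f]+\s+\((\d+)\)$")

def parse_systemlook_reg(text):
    """Return {key_path: {value_name: value}} for every key in the log."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name, data = value.groups()
            number = DWORD_RE.match(data)
            current[name] = int(number.group(1)) if number else data.strip('"')
    return keys

def proxy_policy_findings(keys):
    """List (value_name, value, note) for values under the proxy policy key."""
    findings = []
    for path, values in keys.items():
        if path.lower() != POLICY_KEY:
            continue
        for name, data in values.items():
            if name.lower() == "proxysettingsperuser" and data == 0:
                note = "machine-wide proxy enforced; per-user LAN Settings changes are ignored"
            else:
                note = "policy value present; confirm it is expected"
            findings.append((name, data, note))
    return findings
```
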

    #13 SpreadableFruit


    Posted 01 September 2014 - 03:46 PM

    It works!

     

    Thank you for all your help, local repair shop wanted $100!



    #14 nasdaq


    Posted 02 September 2014 - 07:03 AM

    If all is well.

    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
    ===

    #15 nasdaq


    Posted 08 September 2014 - 07:21 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



