
My computer is sending out spam emails


19 replies to this topic

#1 Squeakmail


Posted 31 August 2014 - 07:11 AM

For several weeks, my email address has been receiving bounce messages indicating that I am sending out spam.  My IP address has also been blacklisted.

 

I have run Microsoft Security Essentials, Spybot and AntiMalwareBytes, and AMB has identified (and quarantined) several Trojan programs.  However, the spam bounce messages keep coming from time to time and I think I have a virus which is well hidden from my usual tools.

 

Please can someone kindly help identify and remove any malware from my machine which may be responsible?

 

Many thanks.

 

Squeakmail.

=^..^=

 

============================================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Paul at 7:52:18 on 2014-08-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16383.11673 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Brother\BPRSP\resources\BrSupSsp.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portcanaveralwebcam.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: {38542454-dfb6-44f5-b052-d4e071a3d073} - <orphaned>
uURLSearchHooks: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - <orphaned>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: {9A065C65-4EE7-4DDD-9918-F129089A894A} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [googletalk] C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Facebook Update] "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRunOnce: [Application Restart #6] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" 
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SE61T-UserTools] C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe /s
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BROTHE~1.LNK - C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://download.tsa.dhs.gov/fssa/training/ScriptX.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{C287C9AF-55EA-44B3-B7E5-6DCA969FB887} : DHCPNameServer = 192.168.1.2
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - 
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.193 SERVER #Windows Home Server#
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Paul\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
FF - ExtSQL: !HIDDEN! 2012-03-11 21:09; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2012-9-23 148480]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2013-2-11 98304]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-6-7 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-6-27 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe [2014-8-29 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe [2014-8-29 860472]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2012-12-7 6144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-7 1153368]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-1-8 5556520]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-16 5052224]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-1-8 127784]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2009-10-7 53096]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-1-14 282112]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2013-2-11 3735552]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-29 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-29 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2006-9-26 29984]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-1-6 1207808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 SaiH0461;SaiH0461;C:\Windows\System32\drivers\SaiH0461.sys [2008-3-26 178432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-31 06:30:02 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3621F477-BE6B-456E-A3E6-EABFAA70FCB4}\offreg.dll
2014-08-31 06:28:29 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3621F477-BE6B-456E-A3E6-EABFAA70FCB4}\mpengine.dll
2014-08-31 01:33:59 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-30 14:25:39 -------- d-----w- C:\Users\Paul\AppData\Local\Adobe
2014-08-30 01:37:50 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BA4E2CC-EABD-4DEE-994A-0C53A059EFCF}\gapaengine.dll
2014-08-29 23:43:46 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-29 23:43:24 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-29 23:43:24 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-29 23:43:24 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-28 13:56:11 -------- d-----w- C:\Users\Paul\AppData\Roaming\NCH Software
2014-08-28 13:55:53 -------- d-----w- C:\Program Files (x86)\NCH Software
2014-08-28 11:48:33 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 11:48:33 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 11:48:33 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-20 18:26:50 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-08-15 07:04:49 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 07:04:49 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 07:04:49 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 07:04:49 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 07:04:47 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 07:04:47 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 07:04:23 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:04:23 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 10:33:06 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 10:33:06 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-14 10:33:06 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-14 10:33:06 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 10:32:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 10:32:39 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 10:31:33 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-14 10:31:32 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-14 10:31:32 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-14 10:31:31 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-14 10:31:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-14 10:31:31 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-14 10:31:31 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-14 10:31:23 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-14 10:29:58 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 10:29:57 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 10:29:55 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 10:29:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-03 09:53:47 188304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-08-03 09:53:47 188304 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-02 09:18:11 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-02 09:17:35 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-02 09:17:35 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-02 09:16:51 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-02 09:16:51 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-02 09:16:51 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-02 09:16:51 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-29 09:56:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 09:56:24 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-19 10:16:00 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-07-19 10:16:00 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-07-19 10:16:00 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-07 10:15:53 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2008-04-14 04:30:00 554008 ----a-w- C:\Program Files (x86)\Common Files\dao360.dll
.
============= FINISH:  7:53:41.68 ===============
 
 
 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:18 AM

Posted 03 September 2014 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Squeakmail

Squeakmail
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:18 AM

Posted 03 September 2014 - 12:47 PM

Further to my original post I have obtained further information about the possible infection from http://cbl.abuseat.org/

The information is that my IP address is blacklisted due to an infection as follows:

IP Address xx.xx.xxx.xx is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-08-29 14:00 GMT (+/- 30 minutes), approximately 5 days, 1 hours, 59 minutes ago.

This IP is infected (or NATting for a computer that is infected) with the gamut spambot. In other words, it's participating in a botnet.

My next posts will contain the logfiles you have requested.

Thanks

#4 Squeakmail

Squeakmail
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:18 AM

Posted 03 September 2014 - 12:48 PM

This log was produced after using the "Clean" option in AdwCleaner
 
=======================================================
 
# AdwCleaner v3.309 - Report created 03/09/2014 at 13:29:44
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Paul - DEEPTHOUGHT7
# Running from : C:\Users\Paul\Downloads\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\wxDfast
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\Program Files (x86)\jZip
[x] Not Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Paul\AppData\Local\jZip
Folder Deleted : C:\Users\Paul\AppData\Local\PackageAware
Folder Deleted : C:\Users\Paul\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Paul\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Paul\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Paul\AppData\LocalLow\wxDfast
Folder Deleted : C:\Users\Paul\AppData\Roaming\GrabPro
[x] Not Deleted : C:\Users\Paul\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Paul\Documents\Updater
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2857572
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_morphvox-voice-changer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_morphvox-voice-changer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\jZip
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\prefs.js ]
 
Line Deleted : user_pref("extensions.504528b2bcbdd.scode", "(function(){try{if('aol.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.sweetim.com'.indexO[...]
 
-\\ Google Chrome v37.0.2062.102
 
[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
 
*************************
 
AdwCleaner[R0].txt - [9786 octets] - [03/09/2014 11:18:33]
AdwCleaner[S0].txt - [9433 octets] - [03/09/2014 13:29:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9493 octets] ##########


#5 Squeakmail

Squeakmail
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:18 AM

Posted 03 September 2014 - 12:53 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Paul (administrator) on DEEPTHOUGHT7 on 03-09-2014 10:59:42
Running from C:\Users\Paul\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
() C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Google) C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Brother\BPRSP\resources\BrSupSsp.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(TODO: <公司名>) C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2171904 2009-06-05] (VIA)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [316864 2010-04-09] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [734544 2011-03-21] (ecareme)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SE61T-UserTools] => C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe [754176 2013-10-08] (TODO: <公司名>)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-07] (Google Inc.)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-09-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [] => [X]
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [googletalk] => C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [Google Update] => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-01] (Google Inc.)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [Facebook Update] => "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-28] (Google Inc.)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\RunOnce: [Application Restart #6] => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [383488 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk
ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x10273D4629C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portcanaveralwebcam.com/
URLSearchHook: HKCU - (No Name) - {38542454-dfb6-44f5-b052-d4e071a3d073} - No File
URLSearchHook: HKCU - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: No Name -> {9A065C65-4EE7-4DDD-9918-F129089A894A} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {38542454-DFB6-44F5-B052-D4E071A3D073} -  No File
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://download.tsa.dhs.gov/fssa/training/ScriptX.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2
 
FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Paul\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Paul\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Paul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Paul\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: DoNotTrackMe - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\Extensions\donottrackplus@abine.com [2013-08-14]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\Extensions\LogMeInClient@logmein.com [2014-06-06]
FF Extension: HP Detect - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-03-11]
FF Extension: Image Zoom - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2012-02-26]
FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\yrko6ynf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [remotemode@splashtop.com] - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> 588AA6E11E5D6ADBEBF150F45D01776533698C9638EDA874EC1003DDD8127249
CHR DefaultSearchURL: Default -> C0FB108BC5490A2B379CFA272E43D9D1D92D5889E1D1765031748014217DFF74
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (myPlex Queue Extension) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2013-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-06-09]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-12-20]
CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-20]
CHR Extension: (Hola Better Internet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-20]
CHR Extension: (Plurk Photo Zoom) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lffpdnmhiadlpbogklmmonldaamfdhel [2013-12-20]
CHR Extension: (Skype Click to Call) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-05]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-01-29]
CHR HKLM-x32\...\Chrome\Extension: [hfipdpoldodbmfmfkfjfofnefkggdfnb] - C:\ProgramData\wxDfast\hfipdpoldodbmfmfkfjfofnefkggdfnb.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-17] (Adobe Systems) [File not signed]
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots) [File not signed]
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-09-16] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2012-12-07] (The Neat Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [918976 2010-04-16] (Cyber Power Systems, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2031984 2009-07-25] (RealVNC Ltd.)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 SaiH0461; C:\Windows\System32\DRIVERS\SaiH0461.sys [178432 2008-03-26] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-10-14] () [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 10:59 - 2014-09-03 11:00 - 00041124 _____ () C:\Users\Paul\Downloads\FRST.txt
2014-09-03 10:59 - 2014-09-03 10:59 - 00000000 ____D () C:\FRST
2014-09-03 10:58 - 2014-09-03 10:59 - 02104832 _____ (Farbar) C:\Users\Paul\Downloads\FRST64 (1).exe
2014-09-03 10:58 - 2014-09-03 10:58 - 02104832 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2014-09-03 10:57 - 2014-09-03 10:57 - 01370467 _____ () C:\Users\Paul\Downloads\adwcleaner_3.309.exe
2014-09-03 07:57 - 2014-09-03 07:57 - 00002670 _____ () C:\Users\Paul\Desktop\Rod reply.txt
2014-09-02 13:48 - 2014-09-02 13:48 - 00007909 _____ () C:\Users\Paul\Desktop\SunTrust Online chat.txt
2014-09-02 12:49 - 2014-09-02 12:49 - 00004001 _____ () C:\Users\Paul\Downloads\How To Market And Sell Family Vacations.ics
2014-09-02 09:53 - 2014-09-02 09:53 - 00000523 _____ () C:\Users\Paul\Downloads\EventCalendarServlet (2).ics
2014-09-02 08:19 - 2014-09-02 08:19 - 00000545 _____ () C:\Users\Paul\Downloads\1041663 (1).ics
2014-09-02 08:16 - 2014-09-02 08:16 - 00000499 _____ () C:\Users\Paul\Downloads\1041634 (1).ics
2014-08-31 09:13 - 2014-08-31 09:13 - 01096192 _____ (Farbar) C:\Users\Paul\Downloads\FRST.exe
2014-08-31 07:53 - 2014-08-31 07:54 - 00038250 _____ () C:\Users\Paul\Desktop\dds.txt
2014-08-31 07:53 - 2014-08-31 07:54 - 00015629 _____ () C:\Users\Paul\Desktop\attach.txt
2014-08-31 07:50 - 2014-08-31 07:50 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com
2014-08-30 10:25 - 2014-08-30 10:25 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe
2014-08-30 08:31 - 2014-09-01 21:36 - 00000000 ____D () C:\Users\Paul\Desktop\Alaska
2014-08-29 19:43 - 2014-09-03 09:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 19:43 - 2014-08-29 19:43 - 00001146 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 19:43 - 2014-08-29 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-29 19:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-29 19:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-29 19:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-29 19:39 - 2014-08-29 19:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-29 19:29 - 2014-08-29 19:29 - 00003773 _____ () C:\Users\Paul\Desktop\2 of 17.txt
2014-08-28 12:30 - 2014-08-28 12:30 - 03200514 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage006.bmp
2014-08-28 11:27 - 2014-08-28 11:28 - 00000000 ____D () C:\Users\Paul\Desktop\Video Project
2014-08-28 10:29 - 2014-08-28 10:29 - 00000000 ____D () C:\Users\Paul\Documents\VideoPad Projects
2014-08-28 10:07 - 2014-08-28 10:07 - 15865542 _____ () C:\Users\Paul\Downloads\Video Project.zip
2014-08-28 09:56 - 2014-08-28 13:57 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-08-28 09:56 - 2014-08-28 13:56 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\NCH Software
2014-08-28 09:56 - 2014-08-28 09:56 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00001226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-08-28 09:55 - 2014-08-28 13:56 - 00000000 ____D () C:\ProgramData\NCH Software
2014-08-28 09:55 - 2014-08-28 09:56 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-08-28 09:55 - 2014-08-28 09:55 - 04802104 _____ (NCH Software) C:\Users\Paul\Downloads\vppsetup.exe
2014-08-28 09:55 - 2014-08-28 09:55 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-08-28 09:55 - 2014-08-28 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-08-28 09:33 - 2014-08-28 09:33 - 00001519 _____ () C:\Users\Paul\Downloads\webinar (24).ics
2014-08-28 07:48 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:48 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:48 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 19:06 - 2014-08-26 19:06 - 00000499 _____ () C:\Users\Paul\Downloads\1041634.ics
2014-08-26 12:14 - 2014-08-26 12:14 - 00000513 _____ () C:\Users\Paul\Downloads\EventCalendarServlet (1).ics
2014-08-26 11:02 - 2014-08-26 11:03 - 104791498 _____ () C:\Users\Paul\Downloads\Carnival Inspiration.avi
2014-08-22 20:37 - 2014-08-22 20:38 - 01364036 _____ () C:\Users\Paul\Downloads\Norwegian Jewel Package Promotion Terms & Conditions.xlsx
2014-08-22 20:37 - 2014-08-22 20:38 - 01363132 _____ () C:\Users\Paul\Downloads\Norwegian Getaway Package Promotion Terms & Conditions.xlsx
2014-08-22 20:37 - 2014-08-22 20:37 - 01367889 _____ () C:\Users\Paul\Downloads\Norwegian Breakaway Package Promotion Terms & Conditions.xlsx
2014-08-22 20:37 - 2014-08-22 20:37 - 01364085 _____ () C:\Users\Paul\Downloads\Hawaii Package Promotion Terms & Conditions.xlsx
2014-08-22 20:35 - 2014-08-22 20:35 - 00018276 _____ () C:\Users\Paul\Downloads\Getaway Upgrades Now-9-30 Terms & Conditions.xlsx
2014-08-22 20:34 - 2014-08-22 20:34 - 00091136 _____ () C:\Users\Paul\Downloads\All Inclusive Promotion 8-4-9-30 Terms & Conditions.xls
2014-08-22 20:32 - 2014-08-22 20:32 - 00036352 _____ () C:\Users\Paul\Downloads\Freestyle Dash 8-25-8-29 Terms & Conditions.xls
2014-08-21 19:15 - 2014-08-21 19:16 - 71178502 _____ () C:\Users\Paul\Downloads\gapps-KatKiss-4.4.4_20140720.zip
2014-08-21 19:10 - 2014-08-21 19:12 - 171506478 _____ () C:\Users\Paul\Desktop\KatKiss-4.4.4_032b.zip
2014-08-21 18:28 - 2014-08-21 18:41 - 00000000 ____D () C:\Users\Paul\Desktop\ASUS
2014-08-21 15:34 - 2014-08-21 15:34 - 04770954 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage002.bmp
2014-08-21 15:29 - 2014-08-21 15:29 - 04770954 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage001.bmp
2014-08-21 10:57 - 2014-08-21 10:57 - 00000545 _____ () C:\Users\Paul\Downloads\1041663.ics
2014-08-21 10:14 - 2014-08-25 21:50 - 00016776 _____ () C:\Users\Paul\Desktop\Cruise Deals.xlsx
2014-08-21 09:27 - 2014-08-21 09:27 - 03486972 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage000.bmp
2014-08-21 09:03 - 2014-08-21 09:03 - 03299727 _____ () C:\Users\Paul\Desktop\Quantum.bmp
2014-08-21 06:26 - 2011-09-05 12:48 - 00000868 _____ () C:\Windows\system32\Drivers\etc\hosts.20140821-062627.backup
2014-08-20 15:58 - 2014-08-20 15:58 - 00000513 _____ () C:\Users\Paul\Downloads\EventCalendarServlet.ics
2014-08-20 15:25 - 2014-08-20 15:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-20 15:14 - 2014-08-20 15:14 - 00918440 _____ (Oracle Corporation) C:\Users\Paul\Downloads\chromeinstall-7u67.exe
2014-08-20 14:29 - 2014-08-20 14:29 - 951602955 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:29 - 2014-08-20 14:29 - 00292232 _____ () C:\Windows\Minidump\082014-49218-01.dmp
2014-08-20 14:26 - 2014-08-20 14:26 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\SystemRequirementsLab
2014-08-20 14:26 - 2014-08-20 14:26 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-08-19 11:41 - 2014-08-21 07:26 - 00009396 _____ () C:\Users\Paul\Desktop\Apopka to Memphis.xlsx
2014-08-18 17:52 - 2014-08-18 17:52 - 00001447 _____ () C:\Users\Paul\Downloads\webinar (23).ics
2014-08-18 17:51 - 2014-08-18 17:51 - 00001441 _____ () C:\Users\Paul\Downloads\webinar (22).ics
2014-08-18 17:50 - 2014-08-18 17:50 - 00001441 _____ () C:\Users\Paul\Downloads\webinar (21).ics
2014-08-18 17:38 - 2014-08-18 17:38 - 00014091 _____ () C:\Users\Paul\Downloads\FE2015.xlsx
2014-08-18 17:35 - 2014-08-18 17:35 - 00013124 _____ () C:\Users\Paul\Downloads\FE Group List  _2 Official List.xlsx
2014-08-17 09:17 - 2014-08-17 09:17 - 00001486 _____ () C:\Users\Paul\Downloads\webinar (20).ics
2014-08-15 03:04 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:04 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:04 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:04 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:04 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:04 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:04 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:04 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 06:33 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 06:33 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 06:33 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 06:33 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 06:33 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 06:33 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 06:33 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 06:33 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 06:33 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 06:33 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 06:33 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 06:33 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 06:32 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 06:32 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 06:31 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 06:31 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 06:31 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 06:31 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 06:31 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 06:31 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 06:31 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 06:31 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 06:31 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 06:31 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 06:30 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 06:30 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 06:30 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 06:30 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 06:30 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 06:30 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 06:30 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 06:30 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 06:30 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 06:30 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 06:30 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 06:30 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 06:30 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 06:30 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 06:30 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 06:30 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 06:30 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 06:30 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 06:30 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 06:30 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 06:30 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 06:30 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 06:30 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 06:30 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 06:30 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 06:30 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 06:30 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 06:30 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 06:30 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 06:30 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 06:30 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 06:30 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 06:30 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 06:30 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 06:30 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 06:30 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 06:30 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 06:30 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 06:30 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 06:30 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 06:30 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 06:30 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 06:30 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 06:30 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 06:30 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 06:30 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 06:30 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 06:30 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 06:30 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 06:30 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 06:30 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:30 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:30 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 06:30 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 06:30 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 06:30 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 06:29 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 06:29 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 06:29 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 06:29 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 22:52 - 2014-08-11 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-11 22:44 - 2014-08-11 22:45 - 62222680 _____ (Plex, Inc.) C:\Users\Paul\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 11:00 - 2014-09-03 10:59 - 00041124 _____ () C:\Users\Paul\Downloads\FRST.txt
2014-09-03 11:00 - 2011-12-29 12:05 - 00000000 ____D () C:\Users\Paul\Documents\Outlook Files
2014-09-03 10:59 - 2014-09-03 10:59 - 00000000 ____D () C:\FRST
2014-09-03 10:59 - 2014-09-03 10:58 - 02104832 _____ (Farbar) C:\Users\Paul\Downloads\FRST64 (1).exe
2014-09-03 10:58 - 2014-09-03 10:58 - 02104832 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2014-09-03 10:57 - 2014-09-03 10:57 - 01370467 _____ () C:\Users\Paul\Downloads\adwcleaner_3.309.exe
2014-09-03 10:55 - 2012-04-05 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 10:52 - 2010-02-01 09:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 10:47 - 2010-01-06 22:52 - 01506647 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 10:32 - 2014-02-10 19:59 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2097203814-2351554573-2363596944-1000.job
2014-09-03 10:31 - 2014-01-24 08:53 - 00000000 ____D () C:\Users\Paul\Desktop\FlyingFox
2014-09-03 10:04 - 2011-06-30 21:46 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097203814-2351554573-2363596944-1000UA.job
2014-09-03 09:55 - 2014-08-29 19:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 09:46 - 2013-06-27 10:33 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-03 09:11 - 2013-12-10 01:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2097203814-2351554573-2363596944-1000UA.job
2014-09-03 07:57 - 2014-09-03 07:57 - 00002670 _____ () C:\Users\Paul\Desktop\Rod reply.txt
2014-09-03 06:41 - 2010-11-10 14:04 - 00000000 ____D () C:\Windows\system32\(System Reserved)
2014-09-03 04:52 - 2010-02-01 09:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 04:04 - 2011-06-30 21:46 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097203814-2351554573-2363596944-1000Core.job
2014-09-03 00:11 - 2013-12-10 01:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2097203814-2351554573-2363596944-1000Core.job
2014-09-03 00:00 - 2010-11-11 00:51 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2014-09-02 14:43 - 2011-01-03 18:28 - 00000880 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-02 13:48 - 2014-09-02 13:48 - 00007909 _____ () C:\Users\Paul\Desktop\SunTrust Online chat.txt
2014-09-02 12:49 - 2014-09-02 12:49 - 00004001 _____ () C:\Users\Paul\Downloads\How To Market And Sell Family Vacations.ics
2014-09-02 10:56 - 2014-01-14 12:21 - 00013245 _____ () C:\Windows\BRRBCOM.INI
2014-09-02 09:53 - 2014-09-02 09:53 - 00000523 _____ () C:\Users\Paul\Downloads\EventCalendarServlet (2).ics
2014-09-02 08:19 - 2014-09-02 08:19 - 00000545 _____ () C:\Users\Paul\Downloads\1041663 (1).ics
2014-09-02 08:16 - 2014-09-02 08:16 - 00000499 _____ () C:\Users\Paul\Downloads\1041634 (1).ics
2014-09-01 21:36 - 2014-08-30 08:31 - 00000000 ____D () C:\Users\Paul\Desktop\Alaska
2014-08-31 20:43 - 2009-07-14 00:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:43 - 2009-07-14 00:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:33 - 2014-01-23 08:56 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-08-31 20:33 - 2014-01-23 08:56 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-08-31 20:33 - 2013-08-10 19:03 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-31 20:33 - 2010-01-08 13:13 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\WTablet
2014-08-31 20:33 - 2009-07-14 00:51 - 39315607 _____ () C:\Windows\setupact.log
2014-08-31 20:31 - 2012-09-03 18:15 - 00000342 ____H () C:\Windows\Tasks\WxDFastUpdaterTask{83DFC58E-B363-4825-B8E3-438F4F8EB012}.job
2014-08-31 20:31 - 2010-01-07 00:00 - 00450318 _____ () C:\Windows\PFRO.log
2014-08-31 20:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 13:20 - 2010-01-10 17:47 - 00673280 ___SH () C:\Users\Paul\Documents\Thumbs.db
2014-08-31 09:13 - 2014-08-31 09:13 - 01096192 _____ (Farbar) C:\Users\Paul\Downloads\FRST.exe
2014-08-31 07:54 - 2014-08-31 07:53 - 00038250 _____ () C:\Users\Paul\Desktop\dds.txt
2014-08-31 07:54 - 2014-08-31 07:53 - 00015629 _____ () C:\Users\Paul\Desktop\attach.txt
2014-08-31 07:50 - 2014-08-31 07:50 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com
2014-08-30 22:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Vss
2014-08-30 16:51 - 2014-06-22 20:57 - 00000000 ____D () C:\Users\Paul\Desktop\Client Bookings
2014-08-30 10:25 - 2014-08-30 10:25 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe
2014-08-29 21:21 - 2012-09-18 09:15 - 00000000 ____D () C:\ProgramData\wxDfast
2014-08-29 21:21 - 2011-04-13 08:10 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-29 21:06 - 2010-01-07 20:22 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2014-08-29 19:43 - 2014-08-29 19:43 - 00001146 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 19:43 - 2014-08-29 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-29 19:43 - 2011-12-29 09:21 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-08-29 19:40 - 2014-08-29 19:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-29 19:29 - 2014-08-29 19:29 - 00003773 _____ () C:\Users\Paul\Desktop\2 of 17.txt
2014-08-29 15:35 - 2010-01-07 20:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 05:56 - 2012-04-05 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-29 05:56 - 2012-04-05 08:09 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-29 05:56 - 2011-05-29 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 03:20 - 2009-07-14 00:45 - 00678320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 03:18 - 2010-01-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-29 03:16 - 2011-03-27 08:11 - 00000000 ___RD () C:\Users\Paul\Dropbox
2014-08-28 13:57 - 2014-08-28 09:56 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-08-28 13:56 - 2014-08-28 09:56 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\NCH Software
2014-08-28 13:56 - 2014-08-28 09:55 - 00000000 ____D () C:\ProgramData\NCH Software
2014-08-28 12:30 - 2014-08-28 12:30 - 03200514 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage006.bmp
2014-08-28 11:28 - 2014-08-28 11:27 - 00000000 ____D () C:\Users\Paul\Desktop\Video Project
2014-08-28 11:13 - 2011-03-27 08:09 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox
2014-08-28 11:12 - 2011-03-27 08:09 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-28 10:29 - 2014-08-28 10:29 - 00000000 ____D () C:\Users\Paul\Documents\VideoPad Projects
2014-08-28 10:07 - 2014-08-28 10:07 - 15865542 _____ () C:\Users\Paul\Downloads\Video Project.zip
2014-08-28 09:56 - 2014-08-28 09:56 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00001226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-08-28 09:56 - 2014-08-28 09:56 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-08-28 09:56 - 2014-08-28 09:55 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-08-28 09:55 - 2014-08-28 09:55 - 04802104 _____ (NCH Software) C:\Users\Paul\Downloads\vppsetup.exe
2014-08-28 09:55 - 2014-08-28 09:55 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-08-28 09:55 - 2014-08-28 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-08-28 09:33 - 2014-08-28 09:33 - 00001519 _____ () C:\Users\Paul\Downloads\webinar (24).ics
2014-08-26 19:06 - 2014-08-26 19:06 - 00000499 _____ () C:\Users\Paul\Downloads\1041634.ics
2014-08-26 14:14 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 12:14 - 2014-08-26 12:14 - 00000513 _____ () C:\Users\Paul\Downloads\EventCalendarServlet (1).ics
2014-08-26 11:03 - 2014-08-26 11:02 - 104791498 _____ () C:\Users\Paul\Downloads\Carnival Inspiration.avi
2014-08-25 21:50 - 2014-08-21 10:14 - 00016776 _____ () C:\Users\Paul\Desktop\Cruise Deals.xlsx
2014-08-24 21:58 - 2011-01-13 14:48 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\ProcessLasso
2014-08-24 21:58 - 2011-01-13 14:48 - 00000000 ____D () C:\Program Files\Process Lasso
2014-08-24 11:24 - 2013-11-17 17:15 - 00000000 ____D () C:\Users\Paul\Desktop\Examiner Reports
2014-08-22 22:07 - 2014-08-28 07:48 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 07:48 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 07:48 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 20:38 - 2014-08-22 20:37 - 01364036 _____ () C:\Users\Paul\Downloads\Norwegian Jewel Package Promotion Terms & Conditions.xlsx
2014-08-22 20:38 - 2014-08-22 20:37 - 01363132 _____ () C:\Users\Paul\Downloads\Norwegian Getaway Package Promotion Terms & Conditions.xlsx
2014-08-22 20:37 - 2014-08-22 20:37 - 01367889 _____ () C:\Users\Paul\Downloads\Norwegian Breakaway Package Promotion Terms & Conditions.xlsx
2014-08-22 20:37 - 2014-08-22 20:37 - 01364085 _____ () C:\Users\Paul\Downloads\Hawaii Package Promotion Terms & Conditions.xlsx
2014-08-22 20:35 - 2014-08-22 20:35 - 00018276 _____ () C:\Users\Paul\Downloads\Getaway Upgrades Now-9-30 Terms & Conditions.xlsx
2014-08-22 20:34 - 2014-08-22 20:34 - 00091136 _____ () C:\Users\Paul\Downloads\All Inclusive Promotion 8-4-9-30 Terms & Conditions.xls
2014-08-22 20:32 - 2014-08-22 20:32 - 00036352 _____ () C:\Users\Paul\Downloads\Freestyle Dash 8-25-8-29 Terms & Conditions.xls
2014-08-21 19:52 - 2014-08-03 16:31 - 00000000 ____D () C:\Users\Paul\Desktop\Letterhead new_Images
2014-08-21 19:16 - 2014-08-21 19:15 - 71178502 _____ () C:\Users\Paul\Downloads\gapps-KatKiss-4.4.4_20140720.zip
2014-08-21 19:12 - 2014-08-21 19:10 - 171506478 _____ () C:\Users\Paul\Desktop\KatKiss-4.4.4_032b.zip
2014-08-21 18:41 - 2014-08-21 18:28 - 00000000 ____D () C:\Users\Paul\Desktop\ASUS
2014-08-21 15:34 - 2014-08-21 15:34 - 04770954 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage002.bmp
2014-08-21 15:29 - 2014-08-21 15:29 - 04770954 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage001.bmp
2014-08-21 10:57 - 2014-08-21 10:57 - 00000545 _____ () C:\Users\Paul\Downloads\1041663.ics
2014-08-21 09:27 - 2014-08-21 09:27 - 03486972 _____ () C:\Users\Paul\Desktop\AttendeeViewerImage000.bmp
2014-08-21 09:03 - 2014-08-21 09:03 - 03299727 _____ () C:\Users\Paul\Desktop\Quantum.bmp
2014-08-21 07:26 - 2014-08-19 11:41 - 00009396 _____ () C:\Users\Paul\Desktop\Apopka to Memphis.xlsx
2014-08-21 06:21 - 2010-01-07 09:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-20 15:58 - 2014-08-20 15:58 - 00000513 _____ () C:\Users\Paul\Downloads\EventCalendarServlet.ics
2014-08-20 15:27 - 2010-01-07 01:18 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-08-20 15:27 - 2010-01-07 01:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 15:27 - 2010-01-07 01:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-20 15:25 - 2014-08-20 15:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-20 15:15 - 2013-10-19 12:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-20 15:14 - 2014-08-20 15:14 - 00918440 _____ (Oracle Corporation) C:\Users\Paul\Downloads\chromeinstall-7u67.exe
2014-08-20 14:29 - 2014-08-20 14:29 - 951602955 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:29 - 2014-08-20 14:29 - 00292232 _____ () C:\Windows\Minidump\082014-49218-01.dmp
2014-08-20 14:29 - 2010-11-27 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 14:26 - 2014-08-20 14:26 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\SystemRequirementsLab
2014-08-20 14:26 - 2014-08-20 14:26 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-08-20 03:27 - 2009-07-14 01:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-20 03:10 - 2010-01-09 00:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-20 03:09 - 2013-08-07 09:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-18 17:52 - 2014-08-18 17:52 - 00001447 _____ () C:\Users\Paul\Downloads\webinar (23).ics
2014-08-18 17:51 - 2014-08-18 17:51 - 00001441 _____ () C:\Users\Paul\Downloads\webinar (22).ics
2014-08-18 17:50 - 2014-08-18 17:50 - 00001441 _____ () C:\Users\Paul\Downloads\webinar (21).ics
2014-08-18 17:38 - 2014-08-18 17:38 - 00014091 _____ () C:\Users\Paul\Downloads\FE2015.xlsx
2014-08-18 17:35 - 2014-08-18 17:35 - 00013124 _____ () C:\Users\Paul\Downloads\FE Group List  _2 Official List.xlsx
2014-08-17 09:17 - 2014-08-17 09:17 - 00001486 _____ () C:\Users\Paul\Downloads\webinar (20).ics
2014-08-16 20:42 - 2013-01-16 18:18 - 00000000 ___RD () C:\Users\Paul\Virtual Machines
2014-08-15 04:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:49 - 2012-04-24 21:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 03:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:23 - 2013-08-07 11:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:17 - 2010-01-07 00:05 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:03 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 08:39 - 2014-06-12 11:49 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2097203814-2351554573-2363596944-1000
2014-08-11 22:53 - 2013-11-02 08:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-11 22:52 - 2014-08-11 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-11 22:45 - 2014-08-11 22:44 - 62222680 _____ (Plex, Inc.) C:\Users\Paul\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
2014-08-11 21:57 - 2014-03-16 11:20 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TeamViewer
2014-08-10 22:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 01:15 - 2014-03-16 11:20 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-10 01:15 - 2014-03-16 11:20 - 00001130 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-06 22:06 - 2014-08-14 06:29 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-14 06:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 00:37 - 2014-06-11 07:43 - 00000000 ____D () C:\Users\Paul\Desktop\From USB
 
Files to move or delete:
====================
C:\Users\Paul\gotomypc_540.exe
C:\Users\Paul\gotomypc_626.exe
C:\Users\Paul\SyncToy_d57fae36-962a-41cb-9b46-9e244c22ed90.dat
C:\Users\Paul\XobniSetup.exe
 
 
Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\7gkrjzpf.dll
C:\Users\Paul\AppData\Local\Temp\81d2180a-1634-ed0c-5575-71c6f465c11b.tmp.exe
C:\Users\Paul\AppData\Local\Temp\asktoolbar.exe
C:\Users\Paul\AppData\Local\Temp\Bccthis_Setup.exe
C:\Users\Paul\AppData\Local\Temp\bdfilters.dll
C:\Users\Paul\AppData\Local\Temp\bing_toolbar.exe
C:\Users\Paul\AppData\Local\Temp\bojohyo7.dll
C:\Users\Paul\AppData\Local\Temp\cbd39779-a363-9155-c4cb-c5f4d4f97050.tmp.exe
C:\Users\Paul\AppData\Local\Temp\ConduitEngine.dll
C:\Users\Paul\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Paul\AppData\Local\Temp\DivXSetup.exe
C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuognd.dll
C:\Users\Paul\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Paul\AppData\Local\Temp\ESDPK-WLX5-WebPlusStarterEdition_Setup.exe
C:\Users\Paul\AppData\Local\Temp\Expat_Shield.exe
C:\Users\Paul\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Paul\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Paul\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Paul\AppData\Local\Temp\GLF3BE7.tmp.EXE
C:\Users\Paul\AppData\Local\Temp\GLF4460.tmp.EXE
C:\Users\Paul\AppData\Local\Temp\GLF5103.tmp.EXE
C:\Users\Paul\AppData\Local\Temp\GLFC419.tmp.EXE
C:\Users\Paul\AppData\Local\Temp\GLFC79E.tmp.ConduitEngineSetup.exe
C:\Users\Paul\AppData\Local\Temp\GLFC8F9.tmp.exe
C:\Users\Paul\AppData\Local\Temp\GLFF2A0.tmp.EXE
C:\Users\Paul\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Paul\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Paul\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Paul\AppData\Local\Temp\hv0nbsmp.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel0.exe
C:\Users\Paul\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\LIVETOOLBAR_Setup.exe
C:\Users\Paul\AppData\Local\Temp\MSN2E23.exe
C:\Users\Paul\AppData\Local\Temp\MSN5EAF.exe
C:\Users\Paul\AppData\Local\Temp\Myashampoo.exe
C:\Users\Paul\AppData\Local\Temp\NeatExecAsUser64.exe
C:\Users\Paul\AppData\Local\Temp\NEW5913.tmp.exe
C:\Users\Paul\AppData\Local\Temp\NEWB635.tmp.exe
C:\Users\Paul\AppData\Local\Temp\nse682B.tmp.exe
C:\Users\Paul\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Paul\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Paul\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Paul\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Paul\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Paul\AppData\Local\Temp\nvStInst.exe
C:\Users\Paul\AppData\Local\Temp\ose00001.exe
C:\Users\Paul\AppData\Local\Temp\outlookset.exe
C:\Users\Paul\AppData\Local\Temp\PDNISInstall.exe
C:\Users\Paul\AppData\Local\Temp\PicasaUpdater_2444.exe
C:\Users\Paul\AppData\Local\Temp\prestall.exe
C:\Users\Paul\AppData\Local\Temp\prismsetup.exe
C:\Users\Paul\AppData\Local\Temp\processcheck.exe
C:\Users\Paul\AppData\Local\Temp\processlassosetup64.exe
C:\Users\Paul\AppData\Local\Temp\prxGLFC79E.tmp.tbElf_.dll
C:\Users\Paul\AppData\Local\Temp\pstagesetup.exe
C:\Users\Paul\AppData\Local\Temp\ringtonejunkiez.exe
C:\Users\Paul\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Paul\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Paul\AppData\Local\Temp\Second_Life_Updater.exe
C:\Users\Paul\AppData\Local\Temp\SetACL.exe
C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Paul\AppData\Local\Temp\tbElf_.dll
C:\Users\Paul\AppData\Local\Temp\tbMyAs.dll
C:\Users\Paul\AppData\Local\Temp\tu_axjsr.dll
C:\Users\Paul\AppData\Local\Temp\un5083.exe
C:\Users\Paul\AppData\Local\Temp\VistaTools64.dll
C:\Users\Paul\AppData\Local\Temp\wpsetup.exe
C:\Users\Paul\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Paul\AppData\Local\Temp\xobni.exe
C:\Users\Paul\AppData\Local\Temp\_ir_sf7_temp_0RAVSetup.exe
C:\Users\Paul\AppData\Local\Temp\_ir_sf7_temp_0RCATSetup.exe
C:\Users\Paul\AppData\Local\Temp\_ir_sf7_temp_0RMSetup.exe
C:\Users\Paul\AppData\Local\Temp\_ir_sf7_temp_0RMSSetup.exe
C:\Users\Paul\AppData\Local\Temp\_ir_sf7_temp_0RVCSetup.exe
C:\Users\Paul\AppData\Local\Temp\_ir_sf7_temp_0VPLSetup.exe
C:\Users\Paul\AppData\Local\Temp\_is3158.exe
C:\Users\Paul\AppData\Local\Temp\_is3617.exe
C:\Users\Paul\AppData\Local\Temp\_is9954.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 03:50
 
==================== End Of Log ============================

Edited by Squeakmail, 03 September 2014 - 12:54 PM.


#6 nasdaq

nasdaq

  • Malware Response Team

Posted 04 September 2014 - 08:08 AM



Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
---

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [] => [X]
    URLSearchHook: HKCU - (No Name) - {38542454-dfb6-44f5-b052-d4e071a3d073} - No File
    URLSearchHook: HKCU - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
    URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
    SearchScopes: HKCU - {CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0} URL = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20111117&iesrc={referrer:source}
    BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
    BHO-x32: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
    BHO-x32: No Name -> {9A065C65-4EE7-4DDD-9918-F129089A894A} ->  No File
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKCU - No Name - {38542454-DFB6-44F5-B052-D4E071A3D073} -  No File
    Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} -  No File
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [remotemode@splashtop.com] - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
    CHR DefaultSearchKeyword: Default -> 588AA6E11E5D6ADBEBF150F45D01776533698C9638EDA874EC1003DDD8127249
    CHR DefaultSearchURL: Default -> C0FB108BC5490A2B379CFA272E43D9D1D92D5889E1D1765031748014217DFF74
    CHR Extension: (Hola Better Internet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-20]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    AlternateDataStreams: C:\ProgramData\Temp:79DD4F33
    AlternateDataStreams: C:\ProgramData\Temp:B1CD2545
    
    End
    
    Save the file as fixlist.txt into the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    --RogueKiller--
    • Download & SAVE to your Desktop For 32bit system or For 64bit system
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
    =======



#7 Squeakmail

Squeakmail
  • Topic Starter


Posted 05 September 2014 - 06:32 AM

You didn't specifically ask for it, but I am assuming you will want to see the TFC Log as follows:

 

=========================================

 

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57311 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Paul
->Temp folder emptied: 33853700211 bytes
->Temporary Internet Files folder emptied: 6271890700 bytes
->Java cache emptied: 4826427 bytes
->FireFox cache emptied: 473064505 bytes
->Google Chrome cache emptied: 398518938 bytes
->Apple Safari cache emptied: 164540416 bytes
->Flash cache emptied: 8567220 bytes
 
User: Public
 
User: Public(2)
 
User: Squeak
->Java cache emptied: 1567538175 bytes
->Flash cache emptied: 60402 bytes
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1705408179 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 16586843 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 952562752 bytes
Process complete!
 
Total Files Cleaned = 43,313.00 mb


#8 Squeakmail

Squeakmail
  • Topic Starter


Posted 05 September 2014 - 06:36 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Paul at 2014-09-05 07:33:37 Run:1
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\...\Run: [] => [X]
URLSearchHook: HKCU - (No Name) - {38542454-dfb6-44f5-b052-d4e071a3d073} - No File
URLSearchHook: HKCU - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: No Name -> {9A065C65-4EE7-4DDD-9918-F129089A894A} ->  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {38542454-DFB6-44F5-B052-D4E071A3D073} -  No File
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM-x32\...\Firefox\Extensions: [remotemode@splashtop.com] - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
CHR DefaultSearchKeyword: Default -> 588AA6E11E5D6ADBEBF150F45D01776533698C9638EDA874EC1003DDD8127249
CHR DefaultSearchURL: Default -> C0FB108BC5490A2B379CFA272E43D9D1D92D5889E1D1765031748014217DFF74
CHR Extension: (Hola Better Internet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-20]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:79DD4F33
AlternateDataStreams: C:\ProgramData\Temp:B1CD2545
 
End
*****************
 
HKU\S-1-5-21-2097203814-2351554573-2363596944-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{38542454-dfb6-44f5-b052-d4e071a3d073} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}" => Key deleted successfully.
"HKCR\CLSID\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => Key not found.
"HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A065C65-4EE7-4DDD-9918-F129089A894A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9A065C65-4EE7-4DDD-9918-F129089A894A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{38542454-DFB6-44F5-B052-D4E071A3D073} => value deleted successfully.
"HKCR\CLSID\{38542454-DFB6-44F5-B052-D4E071A3D073}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} => Value not found.
"HKCR\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}" => Key not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\remotemode@splashtop.com => value deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\Temp => ":79DD4F33" ADS removed successfully.
C:\ProgramData\Temp => ":B1CD2545" ADS removed successfully.
 
==== End of Fixlog ====


#9 Squeakmail

Squeakmail
  • Topic Starter


Posted 05 September 2014 - 06:56 AM

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Remove -- Date : 09/05/2014  07:54:16
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
 
¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2097203814-2351554573-2363596944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://portcanaveralwebcam.com/  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2097203814-2351554573-2363596944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://portcanaveralwebcam.com/  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 7 (Driver: LOADED) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CREATE[0] : Unknown @ 0xd3b52c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0xd3b52c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xd3b52c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xd3b52c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_POWER[22] : Unknown @ 0xd3b52c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xd3b52c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_PNP[27] : Unknown @ 0xd3b52c0
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] yrko6ynf.default : user_pref("browser.startup.homepage", "about:home"); -> NOT SELECTED
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS722020ALA330 ATA Device +++++
--- User ---
[MBR] f2d2800258cf83ca5dcae77e5ebd0e43
[BSP] eb3dac82864ca701dd287179b989e112 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 34862fcf07686416307e37fb000d2da8
[BSP] 0c5cb25d364e7feb7255010e17b90281 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-PRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- MicroSD/M2 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_09052014_075202.log


#10 nasdaq

nasdaq

  • Malware Response Team

Posted 05 September 2014 - 08:46 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer performing now?

#11 Squeakmail

Squeakmail
  • Topic Starter


Posted 05 September 2014 - 09:15 AM

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Duplicate Cleaner Free 3.0.1  
 Adobe Flash Player 14.0.0.179  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox (31.0) 
 Google Chrome 37.0.2062.102  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#12 nasdaq

nasdaq

  • Malware Response Team

Posted 06 September 2014 - 06:48 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>

How is the computer running now?

#13 Squeakmail

Squeakmail
  • Topic Starter


Posted 06 September 2014 - 07:06 AM

The machine never seems to "store" the new Adobe Reader - it offers it to me as a download almost every time I boot up the computer.

 

As it wasn't relevant to the spam problem I didn't do it immediately - but it has already been updated.

 

How's it running? Difficult to say, to be honest. The only indication we had that there was a problem was the "bounce back" emails suggesting that the IP address of the network was sending out spam, and a couple of telephone calls from the ISP warning that there was a problem.

 

I ran scans with Malwarebytes, Spybot and Microsoft Security Essentials early in the process and the messages stopped - but then the computer had a restart (it usually runs 24/7) following a Windows 7 update and I had another day of bounce messages - so we registered with you folks.

 

I haven't seen any recent notifications of spam transmission.



#14 nasdaq

nasdaq

  • Malware Response Team

Posted 06 September 2014 - 08:23 AM


Download and run the Adobe reader uninstaller tool.
http://labs.adobe.com/downloads/acrobatcleaner.html

Restart the computer normally and re-install the application.

#15 Squeakmail

Squeakmail
  • Topic Starter


Posted 06 September 2014 - 10:49 AM

Re-installed Adobe as instructed.  New Security Check report follows:

 

=============================================

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Duplicate Cleaner Free 3.0.1  
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 37.0.2062.102  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 




