Win7/64 infected with backdoors/downloaders, DDS logs attached


This topic is locked
10 replies to this topic

#1 stevenp61

Posted 22 September 2014 - 12:34 PM

I'm running Win7 SP1 64-bit, with Avast Free and Windows Firewall. I started getting flaky browser behavior a few days ago (clicking on a link goes to an unrelated website, etc.--even happened when I clicked to create an account here!) **EDIT** I'm using Chrome as my main browser.

 

I have Malwarebytes and MSE and run them occasionally--now they usually come up with some identified viruses, but the removal doesn't appear complete because further bad stuff shows up the next day.

 

A recent ESET online scan found 2 instances of a variant of Win64/Sathurot.A, both files (different locations) named IconsCacheHelper.dll. Only one indicates it will be cleaned after restart; the other is in red text, with the Action column blank.

 

MSE shows recent quarantines of Win64/Ropest.G, Win32/Zemot.A (x3), Win32.Sinda.At, and Win32/Danglo!gmb. Most recent full scan came up clean.

 

Here is my DDS log, with the Attach file attached. Thx!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by steve at 13:26:18 on 2014-09-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5940.3349 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Everything\Everything.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\System32\vds.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {890405EF-6F66-4282-8B0D-E57EBEF6B915} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Orics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\steve\AppData\Local\Ebtion\PythonctrlTime.dll
uRun: [Igsoft] regsvr32.exe C:\Users\steve\AppData\Local\Igsoft\SysUserKit4.dll
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ICONRE~1.LNK - C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
StartupFolder: C:\Users\steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\xwizard.lnk - C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: Run = "C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\steve\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\steve\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Save to DataVault - C:\Program Files (x86)\DataVault/iemenuext.htm
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2EAD6592-66D5-4060-BF0A-7032A849D6BA} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{2EAD6592-66D5-4060-BF0A-7032A849D6BA} : DHCPNameServer = 192.168.0.254 192.168.0.254
TCP: Interfaces\{7C5A5F03-917C-43B5-B627-61A44C154C4C} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{7C5A5F03-917C-43B5-B627-61A44C154C4C} : DHCPNameServer = 8.8.8.8 8.8.4.4 192.168.123.254 192.168.123.254
TCP: Interfaces\{CFD0AE7B-A652-4FFF-B4BE-E750853AFD51} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{CFD0AE7B-A652-4FFF-B4BE-E750853AFD51} : DHCPNameServer = 192.168.12.2
TCP: Interfaces\{D61CE6B7-261A-43DC-9E6B-63D2B089C460} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{E7B84712-7320-4B6A-8B58-F702691B2D05} : NameServer = 8.8.8.8,8.8.8.8,4.2.2.1,209.184.47.61
TCP: Interfaces\{E7B84712-7320-4B6A-8B58-F702691B2D05} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E7B84712-7320-4B6A-8B58-F702691B2D05}\F6A7C616E646 : NameServer = 4.2.2.1,209.184.47.61
TCP: Interfaces\{E7B84712-7320-4B6A-8B58-F702691B2D05}\F6A7C616E646 : DHCPNameServer = 10.0.0.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 107.181.174.68 www.google-analytics.com.
Hosts: 107.181.174.68 google-analytics.com.
Hosts: 107.181.174.68 connect.facebook.net.
Hosts: 188.40.62.184 www.google-analytics.com.
Hosts: 188.40.62.184 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DataVault\npapi.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-20 224896]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2013-12-20 17088]
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-12-19 29512]
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2013-12-20 61000]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2013-12-20 48200]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-10-28 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-10-28 28008]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-12-20 52760]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2012-9-6 25448]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-12-20 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-12-20 427360]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2013-12-20 18504]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2013-12-20 189000]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2013-8-6 15472]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-13 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-20 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-20 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-14 50344]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2013-6-27 198784]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2013-12-20 69192]
R2 Everything;Everything;C:\Program Files\Everything\Everything.exe [2013-12-20 1357824]
R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-12-20 23624]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-12-19 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-8-6 127072]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-12-19 62456]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2013-10-25 61952]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-5 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-5 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-5 171416]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-8-6 126456]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-8-6 125504]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-27 2533400]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-9-26 479224]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2013-10-25 167040]
R3 e1kexpress;Intel® Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-11-13 497424]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-10-25 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-25 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-8-7 1669928]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-12-19 45296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-12-20 580232]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-9-26 107432]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2012-11-2 88104]
S3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-9-9 585728]
S3 BXOIS;BXOIS;C:\Windows\System32\drivers\bxois.sys [2012-10-18 533544]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-12-19 320576]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2012-10-18 302296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-21 111616]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2012-10-18 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2012-10-18 42192]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-6-27 174168]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-7-9 92888]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-8-7 1664808]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-2 726160]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-6-27 41272]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-09-22 16:23:24 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19B08FCF-F0AE-44C5-B2CB-137DB4D956F5}\offreg.dll
2014-09-22 15:47:13 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19B08FCF-F0AE-44C5-B2CB-137DB4D956F5}\mpengine.dll
2014-09-22 14:59:02 -------- d-----w- C:\Python34
2014-09-21 17:11:27 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-21 17:10:09 -------- d-----w- C:\AdwCleaner
2014-09-21 17:07:40 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-21 15:55:21 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-21 02:00:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-21 01:31:19 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-21 01:21:43 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-20 19:55:49 -------- d-sh--w- C:\Users\steve\AppData\Local\EmieUserList
2014-09-20 19:55:49 -------- d-sh--w- C:\Users\steve\AppData\Local\EmieSiteList
2014-09-20 19:48:16 -------- d-----w- C:\Users\steve\AppData\Local\Igsoft
2014-09-20 19:47:35 -------- d-----w- C:\Users\steve\AppData\Local\Ebtion
2014-09-16 21:23:01 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37121782-CB4A-4ECD-9E6E-2A37962222C5}\gapaengine.dll
2014-09-15 22:28:07 -------- d-----w- C:\Program Files (x86)\AOR
2014-08-26 20:46:52 -------- d-----w- C:\Users\steve\AppData\Local\Garmin
2014-08-26 20:46:47 -------- d-----w- C:\Users\steve\AppData\Roaming\Garmin
2014-08-26 20:46:37 -------- d-----w- C:\ProgramData\Garmin
2014-08-26 20:46:32 -------- d-----w- C:\Program Files (x86)\Garmin
.
==================== Find3M  ====================
.
2014-09-22 15:40:35 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-21 02:19:59 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-21 01:19:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-21 01:19:20 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-14 15:18:18 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-07-14 15:18:18 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-14 15:18:18 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-14 15:18:18 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-14 15:18:18 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-14 15:18:18 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-07-14 15:18:17 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-14 15:18:17 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-21 03:19:00 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 13:26:33.90 ===============
 
Attached File  Attach.txt   10.98KB   0 downloads
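The Pseudo HJT Report section of the DDS log above contains the findings a responder would pull out mechanically rather than by eye: two uRun entries that use regsvr32.exe to load DLLs from the user's AppData\Local tree, a Startup-folder shortcut and a Policies\Explorer\Run value both pointing at an xwizard.exe under AppData\Roaming\Microsoft\Windows\IEUpdate, the UAC policy values set so that elevation never prompts (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), and HOSTS entries that send google-analytics.com and connect.facebook.net to two non-loopback addresses. The script below is an added example, not code from the original post and not part of DDS or FRST; it parses lines copied verbatim from the log above (plus one constructed benign Hosts line as a control) and sorts them into the categories a triage note would use. The regexes, category names and the list of abused loader binaries are my own choices, not anything DDS defines.

```python
import re

# Lines copied verbatim from the DDS "Pseudo HJT Report" in the post above.
# The final "127.0.0.1 localhost" entry is constructed as a benign control.
SAMPLE_LINES = [
    r'uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart',
    r'uRun: [Orics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\steve\AppData\Local\Ebtion\PythonctrlTime.dll',
    r'uRun: [Igsoft] regsvr32.exe C:\Users\steve\AppData\Local\Igsoft\SysUserKit4.dll',
    r'mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor',
    r'mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui',
    r'StartupFolder: C:\Users\steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\xwizard.lnk - C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe',
    r'uPolicies-Explorer: NoDriveTypeAutoRun = dword:221',
    r'uPolicies-Explorer: Run = "C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"',
    r'mPolicies-System: ConsentPromptBehaviorAdmin = dword:0',
    r'mPolicies-System: ConsentPromptBehaviorUser = dword:3',
    r'mPolicies-System: EnableLUA = dword:0',
    r'mPolicies-System: PromptOnSecureDesktop = dword:0',
    r'mPolicies-System: DisableCAD = dword:1',
    r'Hosts: 107.181.174.68 www.google-analytics.com.',
    r'Hosts: 188.40.62.184 google-analytics.com.',
    r'Hosts: 127.0.0.1 localhost',  # constructed control line, not from the log
]

# Locations any user process can write to; a vendor's autorun rarely lives here.
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\', re.IGNORECASE)
# Signed Windows binaries routinely used to load an attacker's DLL or script.
LOLBIN = re.compile(r'(?:^|\\|\s)(regsvr32|rundll32|mshta|wscript|cscript)(?:\.exe)?\b', re.IGNORECASE)
# Policy values at which the corresponding UAC protection is effectively off.
UAC_OFF = {'EnableLUA': '0', 'ConsentPromptBehaviorAdmin': '0', 'PromptOnSecureDesktop': '0'}
LOOPBACK = ('127.', '0.0.0.0', '::1')


def triage_line(line):
    """Return (category, detail) for a suspicious DDS report line, or None if it looks benign."""
    kind, sep, rest = line.strip().partition(': ')
    if not sep:
        return None
    if kind in ('uRun', 'mRun', 'x64-Run', 'StartupFolder'):
        # A loader binary by itself is normal (see the PWMTRV rundll32 entry);
        # what matters is whether the thing being run lives in a user-writable path.
        if USER_WRITABLE.search(rest):
            return ('AUTORUN_LOLBIN' if LOLBIN.search(rest) else 'AUTORUN_USERPATH', rest)
        return None
    if kind in ('uPolicies-Explorer', 'mPolicies-Explorer') and rest.startswith('Run = '):
        # Policies\Explorer\Run is a persistence location almost never set by legitimate software.
        return ('POLICY_RUN', rest)
    if kind == 'mPolicies-System':
        m = re.match(r'(\w+) = dword:(\w+)', rest)
        if m and UAC_OFF.get(m.group(1)) == m.group(2):
            return ('UAC_OFF', rest)
        return None
    if kind == 'Hosts':
        parts = rest.split()
        if len(parts) >= 2 and not parts[0].startswith(LOOPBACK):
            return ('HOSTS_HIJACK', f'{parts[1].rstrip(".")} -> {parts[0]}')
        return None
    return None


def triage(lines):
    """Group findings by category; each value is the list of offending details in log order."""
    report = {}
    for line in lines:
        hit = triage_line(line)
        if hit:
            report.setdefault(hit[0], []).append(hit[1])
    return report


if __name__ == '__main__':
    for category, items in triage(SAMPLE_LINES).items():
        print(category)
        for item in items:
            print('   ', item)
```

Every hit is a candidate for review, not a verdict: per-user installers such as Dropbox or OneDrive do put their autoruns under AppData\Local, so AUTORUN_USERPATH needs a look at the binary (signer, hash, creation time) before anything is removed. The two regsvr32 entries and the Policies\Explorer\Run value are the ones I would hand to the responder first, and the UAC_OFF set explains why later droppers could install without a prompt. The same pass could be extended to the TCP: NameServer lines, comparing each static entry against the DHCPNameServer on the same interface, but that comparison is left out here because the log alone does not say which of the static servers the user set deliberately.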
#2 aharonov (Malware Response Team)
Posted 22 September 2014 - 01:49 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 stevenp61 (Topic Starter)

Posted 22 September 2014 - 02:02 PM

Thanks! Here's the FRST scan log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by steve (administrator) on STEVE-PC on 22-09-2014 14:58:24
Running from C:\Users\steve\Desktop\UTILS\Security\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(FSL - Freesoftland) C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1357824 2013-06-26] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [Orics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\steve\AppData\Local\Ebtion\PythonctrlTime.dll
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [Igsoft] => regsvr32.exe C:\Users\steve\AppData\Local\Igsoft\SysUserKit4.dll <===== ATTENTION
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Policies\Explorer: [Run] "C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\MountPoints2: {705eebea-def1-11e3-9e9d-f0def1074b92} - G:\LaunchU3.exe -a
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\MountPoints2: {787f167b-ffbe-11e2-837a-00235ad6da54} - E:\WMS_Auto.exe
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\MountPoints2: {a129da56-c64a-11e3-b512-f0def1074b92} - F:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland)
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xwizard.lnk
ShortcutTarget: xwizard.lnk -> C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1SecureIconsProvider -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
BootExecute: autocheck autochk *  sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {890405EF-6F66-4282-8B0D-E57EBEF6B915} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2EAD6592-66D5-4060-BF0A-7032A849D6BA}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7C5A5F03-917C-43B5-B627-61A44C154C4C}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CFD0AE7B-A652-4FFF-B4BE-E750853AFD51}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D61CE6B7-261A-43DC-9E6B-63D2B089C460}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E7B84712-7320-4B6A-8B58-F702691B2D05}: [NameServer] 8.8.8.8,8.8.8.8,4.2.2.1,209.184.47.61
 
FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @ascendo-inc/DataVault;version=1 -> C:\Program Files (x86)\DataVault\npapi.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\searchplugins\yahoo-avast.xml
FF Extension: Xmarks - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\foxmarks@kei.com [2014-06-23]
FF Extension: LastPass - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\support@lastpass.com [2014-03-05]
FF Extension: Forecastfox - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-12-21]
FF Extension: Flashblock - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-12-20]
FF Extension: DownloadHelper - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-14]
FF Extension: Classic Compact Options - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2013-12-20]
FF Extension: ScrapBook MAF Creator - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{1544D611-955F-4ceb-95D3-82C720C29EAE}.xpi [2014-03-07]
FF Extension: ScrapBook - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-07]
FF Extension: classiccompact - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2013-12-20]
FF Extension: Tab Mix Plus - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [datavault@ascendo.inc] - C:\Program Files (x86)\DataVault\firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-20]
 
Chrome: 
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Stop YouTube HTML5 Autoplay) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkibmginjljbmmpgnipfbcbmkcodaap [2014-09-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-08-26]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-07]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (FlashFree) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2014-09-07]
CHR Extension: (FlashBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-09-07]
CHR Extension: (avast! Online Security) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-26]
CHR Extension: (FVD Downloader) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-09-07]
CHR Extension: (Stop Autoplay for Youtube™ Extended) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnpbhnhmmjioijfgilcohbknkgfmpa [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\steve\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [idbmmgcdhhiblollphopejjpnkpdgbii] - C:\Program Files (x86)\DataVault\extension.crx [2013-03-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [File not signed]
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-09-03] (Lenovo.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2013-10-11] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Everything; C:\Program Files\Everything\Everything.exe [1357824 2013-06-26] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-11-17] (Glarysoft Ltd)
S3 BXOIS; C:\Windows\system32\drivers\bxois.sys [533544 2010-12-10] (Broadcom Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-09-20] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-10-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 14:57 - 2014-09-22 14:58 - 00000000 ____D () C:\FRST
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\Python34
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-09-22 10:53 - 2014-09-22 14:01 - 00000248 _____ () C:\Windows\error.log
2014-09-22 10:53 - 2014-09-22 14:01 - 00000112 _____ () C:\Windows\setupact.log
2014-09-22 10:53 - 2014-09-22 14:01 - 00000056 _____ () C:\Windows\errord.log
2014-09-22 10:53 - 2014-09-22 10:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 13:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 13:10 - 2014-09-22 11:42 - 00000000 ____D () C:\AdwCleaner
2014-09-21 13:07 - 2014-09-21 13:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-20 22:00 - 2014-09-22 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-20 21:31 - 2014-09-20 21:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-20 21:31 - 2014-09-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-20 21:21 - 2014-09-20 21:21 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieUserList
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieSiteList
2014-09-20 15:48 - 2014-09-21 13:54 - 00000000 ____D () C:\Users\steve\AppData\Local\Igsoft
2014-09-20 15:47 - 2014-09-20 17:02 - 00000000 ____D () C:\Users\steve\AppData\Local\Ebtion
2014-09-18 10:14 - 2014-09-18 10:14 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-16 00:41 - 2014-09-16 00:44 - 00001131 _____ () C:\Windows\SysWOW64\rsrorx32.LOG
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Outlook Repair
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Program Files (x86)\AOR
2014-09-15 18:21 - 2014-09-16 10:13 - 00000000 ____D () C:\Users\steve\Desktop\outlook mipl
2014-09-15 18:21 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\steve\Desktop\DataNumen Advanced Outlook Repair 3.4 [vokeon]
2014-09-02 12:40 - 2014-09-02 12:41 - 00000000 ____D () C:\Users\steve\Desktop\NYC
2014-09-01 08:53 - 2014-09-01 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 00:58 - 2014-09-21 13:39 - 00000000 ____D () C:\Users\steve\Desktop\NMR
2014-08-26 16:48 - 2014-08-26 16:48 - 00000000 ____D () C:\Users\steve\Documents\Garmin
2014-08-26 16:46 - 2014-08-26 18:11 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Garmin
2014-08-26 16:46 - 2014-08-26 18:11 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\Users\steve\AppData\Local\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Garmin
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 14:58 - 2014-09-22 14:57 - 00000000 ____D () C:\FRST
2014-09-22 14:57 - 2013-12-15 19:25 - 00000000 ____D () C:\Users\steve\Desktop\DLs
2014-09-22 14:41 - 2014-05-29 17:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 14:08 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 14:08 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 14:07 - 2013-12-20 13:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 14:07 - 2009-07-14 01:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 14:05 - 2014-07-09 18:30 - 01799458 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 14:03 - 2014-07-04 15:24 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-09-22 14:02 - 2014-07-04 21:55 - 00000000 ___RD () C:\Users\steve\Google Drive
2014-09-22 14:02 - 2013-12-20 22:33 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-09-22 14:02 - 2013-12-20 18:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-22 14:02 - 2013-12-20 13:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 14:01 - 2014-09-22 10:53 - 00000248 _____ () C:\Windows\error.log
2014-09-22 14:01 - 2014-09-22 10:53 - 00000112 _____ () C:\Windows\setupact.log
2014-09-22 14:01 - 2014-09-22 10:53 - 00000056 _____ () C:\Windows\errord.log
2014-09-22 14:01 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 14:00 - 2013-12-20 22:32 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Everything
2014-09-22 12:02 - 2014-09-20 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-22 11:42 - 2014-09-21 13:10 - 00000000 ____D () C:\AdwCleaner
2014-09-22 11:40 - 2014-07-09 11:47 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\Python34
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-09-22 10:53 - 2014-09-22 10:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 13:54 - 2014-09-20 15:48 - 00000000 ____D () C:\Users\steve\AppData\Local\Igsoft
2014-09-21 13:45 - 2013-12-07 20:40 - 00000000 ____D () C:\Users\steve\Desktop\fun
2014-09-21 13:42 - 2013-12-07 20:50 - 00000000 ____D () C:\Users\steve\Desktop\Pinball
2014-09-21 13:41 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\steve\Desktop\KINDLE ROOT
2014-09-21 13:39 - 2014-09-01 00:58 - 00000000 ____D () C:\Users\steve\Desktop\NMR
2014-09-21 13:07 - 2014-09-21 13:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-20 22:19 - 2014-07-09 11:47 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-20 22:18 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
2014-09-20 21:50 - 2014-01-18 14:21 - 00000000 ____D () C:\Users\steve\AppData\Roaming\vlc
2014-09-20 21:31 - 2014-09-20 21:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-20 21:31 - 2014-09-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-20 21:31 - 2013-12-19 03:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-20 21:21 - 2014-09-20 21:21 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-20 21:21 - 2014-01-18 22:03 - 00000000 ____D () C:\Program Files\Java
2014-09-20 21:19 - 2014-05-29 17:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-20 21:19 - 2013-08-07 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-20 21:19 - 2013-08-07 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-20 17:02 - 2014-09-20 15:47 - 00000000 ____D () C:\Users\steve\AppData\Local\Ebtion
2014-09-20 17:02 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-09-20 16:50 - 2013-12-20 22:36 - 00000000 ____D () C:\Users\steve\AppData\Roaming\uTorrent
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieUserList
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieSiteList
2014-09-18 16:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-09-18 10:14 - 2014-09-18 10:14 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-18 02:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:29 - 2014-03-05 15:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-16 10:13 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\steve\Desktop\outlook mipl
2014-09-16 00:44 - 2014-09-16 00:41 - 00001131 _____ () C:\Windows\SysWOW64\rsrorx32.LOG
2014-09-16 00:43 - 2013-12-20 19:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Outlook Repair
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Program Files (x86)\AOR
2014-09-15 18:21 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\steve\Desktop\DataNumen Advanced Outlook Repair 3.4 [vokeon]
2014-09-14 19:10 - 2014-01-04 17:42 - 00000000 ____D () C:\Users\steve\Desktop\BB
2014-09-13 16:41 - 2014-01-04 17:20 - 00001463 _____ () C:\Users\steve\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-13 16:41 - 2014-01-04 17:20 - 00001463 _____ () C:\Users\steve\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-02 12:41 - 2014-09-02 12:40 - 00000000 ____D () C:\Users\steve\Desktop\NYC
2014-09-02 12:40 - 2013-12-25 15:55 - 00000000 ____D () C:\Users\steve\Desktop\Anna's Docs
2014-09-02 12:38 - 2013-12-15 19:19 - 00000000 ____D () C:\Users\steve\Desktop\Dr Brenner
2014-09-01 20:07 - 2014-07-09 18:22 - 00000000 ____D () C:\Program Files (x86)\DataVault
2014-09-01 20:07 - 2014-05-29 18:42 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-01 20:07 - 2014-04-28 15:08 - 00000000 ____D () C:\Program Files\MediaInfo
2014-09-01 20:07 - 2014-04-19 01:18 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-01 20:07 - 2014-04-05 18:52 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-09-01 20:07 - 2013-12-20 22:32 - 00000000 ____D () C:\Program Files\Everything
2014-09-01 08:54 - 2014-09-01 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 00:59 - 2014-04-09 14:21 - 00000000 ____D () C:\Users\steve\Desktop\SPM job search 2014
2014-08-29 13:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 18:11 - 2013-12-08 00:10 - 00000000 ____D () C:\Users\steve\Desktop\Travel
2014-08-26 23:10 - 2013-12-07 19:58 - 00000000 ____D () C:\Users\steve\Desktop\AV-gadgets
2014-08-26 18:11 - 2014-08-26 16:46 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Garmin
2014-08-26 18:11 - 2014-08-26 16:46 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-26 16:48 - 2014-08-26 16:48 - 00000000 ____D () C:\Users\steve\Documents\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\Users\steve\AppData\Local\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-26 16:46 - 2014-03-15 17:59 - 00000000 ____D () C:\Program Files\DIFX
2014-08-26 16:46 - 2014-03-01 18:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-26 13:46 - 2009-07-13 22:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140916-123048.backup
2014-08-25 00:48 - 2013-12-31 16:38 - 00000000 ____D () C:\Users\steve\AppData\Local\CutePDF Writer
 
Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 13:10
 
==================== End Of Log ============================
 
 
And the FRST Addition scan log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by steve at 2014-09-22 14:58:57
Running from C:\Users\steve\Desktop\UTILS\Security\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Advanced Outlook Repair v3.2 (HKLM-x32\...\Advanced Outlook Repair v3.2) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{b64ca997-b626-4abb-a046-5ca2d92ed659}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (08/20/2012 1.0.0000.00000) (HKLM\...\289137531F7C014BF296EFFBFC7E3748A293FEE9) (Version: 08/20/2012 1.0.0000.00000 - Amazon.com)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.2.0000.00000) (HKLM\...\32F8755FAEB4107085D8EB430DFE56CD6E5ADDB7) (Version: 12/03/2012 1.2.0000.00000 - Amazon.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-09-2014 22:25:46 tp410 9-15-14
16-09-2014 21:22:36 Windows Update
18-09-2014 20:06:00 Removed Java 7 Update 67
18-09-2014 20:06:26 Installed Java 7 Update 67
20-09-2014 04:47:46 Windows Update
21-09-2014 01:21:14 Installed Java 7 Update 67 (64-bit)
21-09-2014 01:30:44 Removed Java 7 Update 67
21-09-2014 01:31:05 Installed Java 7 Update 67
21-09-2014 02:17:32 Malwarebytes Anti-Rootkit Restore Point
22-09-2014 14:58:54 Installed Python 3.4.1 (64-bit)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-18 10:14 - 00001394 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
107.181.174.68 www.google-analytics.com.
107.181.174.68 google-analytics.com.
107.181.174.68 connect.facebook.net.
188.40.62.184 www.google-analytics.com.
188.40.62.184 google-analytics.com.
188.40.62.184 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {008A923E-C3E8-4C89-9DDC-0E5CE7BDAC14} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-15] (Synaptics Incorporated)
Task: {0CA725FD-1C1E-43AC-9163-4C239B6573A6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {1A6EA1C7-E8B4-48BE-823A-2D065C1C36FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)
Task: {30689D0D-01B1-493D-9621-E4A6B3B39200} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {3CC8D0B2-FEEB-4ECE-AC55-EC5596A35F51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {44FD3413-3C9A-447A-8855-470202606F64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {865E732D-61B7-4F57-BF60-74ACF936ABDF} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-11-18] (Glarysoft Ltd)
Task: {8A66144F-87D3-4675-A1EF-B9AC7AB4C889} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-09-03] (Lenovo Group Limited)
Task: {8E1E1620-796D-497E-B1BB-933A51383B33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AD888152-0396-4451-9A8B-BD249B105C2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-20] (Adobe Systems Incorporated)
Task: {B6139BB7-A623-4371-A830-3A37BF6A573C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C4972512-8460-48F0-B727-CB10EADCD258} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {ED198D4C-0225-4E3D-8EE1-F17CDD07BF43} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {F4913603-B9DA-4F60-A9CE-75B552099E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)
Task: {F550C64C-C81E-4625-B486-E1914D00A396} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-21 22:56 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-12-20 22:32 - 2013-06-26 00:30 - 01357824 _____ () C:\Program Files\Everything\Everything.exe
2014-09-16 01:42 - 2014-09-16 01:42 - 03140096 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-09-22 14:02 - 2014-09-22 14:02 - 02498560 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2013-08-07 20:14 - 2011-10-26 20:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2013-06-27 12:26 - 2011-09-01 06:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-07 09:52 - 2013-09-03 07:03 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-08-07 20:14 - 2011-10-26 20:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-07-14 11:18 - 2014-07-14 11:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-22 10:54 - 2014-09-22 10:54 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092200\algo.dll
2014-09-22 14:02 - 2014-09-22 14:02 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14092201\algo.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2013-12-20 14:05 - 2013-11-14 15:59 - 00031304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2013-12-20 14:05 - 2008-11-25 18:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2013-12-20 14:05 - 2004-10-05 04:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2013-12-20 14:05 - 2013-10-24 18:46 - 00106568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00192072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00192584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2013-12-20 14:05 - 2013-10-22 18:31 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00135240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00249928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
2013-12-20 14:05 - 2013-09-04 12:19 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2011-10-27 19:56 - 2011-10-27 19:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2014-03-05 15:23 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-05 15:23 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-05 15:23 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-05 15:23 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-05 15:23 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-08-20 20:02 - 2013-08-20 20:02 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2013-11-18 23:56 - 2013-11-18 23:56 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2014-07-14 11:18 - 2014-07-14 11:18 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-13 10:23 - 2014-03-13 10:23 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-11-26 11:34 - 2013-11-26 11:34 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-09-22 14:02 - 2014-09-22 14:02 - 00098816 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32api.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00110080 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\pywintypes27.dll
2014-09-22 14:02 - 2014-09-22 14:02 - 00364544 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\pythoncom27.dll
2014-09-22 14:02 - 2014-09-22 14:02 - 00045568 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\_socket.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 01160704 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\_ssl.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00320512 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32com.shell.shell.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00713216 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\_hashlib.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 01175040 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._core_.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00805888 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._gdi_.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00811008 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._windows_.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 01062400 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._controls_.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00735232 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._misc_.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00128512 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\_elementtree.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00127488 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\pyexpat.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00557056 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\pysqlite2._sqlite.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00007168 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\hashobjs_ext.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00087552 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\_ctypes.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00119808 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32file.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00108544 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32security.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00018432 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32event.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00038912 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32inet.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00070656 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._html2.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00167936 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32gui.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00011264 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32crypt.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00027136 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\_multiprocessing.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00686080 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\unicodedata.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00122368 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._wizard.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00010240 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\select.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00024064 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32pipe.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00025600 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32pdh.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00525640 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\windows._lib_cacheinvalidation.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00035840 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32process.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00017408 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32profile.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00022528 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\win32ts.pyd
2014-09-22 14:02 - 2014-09-22 14:02 - 00078336 _____ () C:\Users\steve\AppData\Local\Temp\_MEI54082\wx._animate.pyd
2014-09-09 18:09 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-09 18:09 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-09 18:09 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-09 18:09 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-09 18:09 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:E5A9D792
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EaseUs TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Core™ i5 CPU       M 520  @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Intel® Core™ i5 CPU       M 520  @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Intel® Core™ i5 CPU       M 520  @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Intel® Core™ i5 CPU       M 520  @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2014 02:56:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/22/2014 02:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/22/2014 01:34:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/22/2014 11:43:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/22/2014 11:43:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/22/2014 11:39:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/22/2014 10:53:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 05:24:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/21/2014 04:42:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/21/2014 04:42:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (09/22/2014 02:01:45 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (09/22/2014 02:01:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (09/22/2014 02:01:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (09/22/2014 02:01:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:00:16 PM on ‎9/‎22/‎2014 was unexpected.
 
Error: (09/22/2014 11:39:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Crypkey License service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/22/2014 11:39:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cisco AnyConnect Secure Mobility Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (09/22/2014 10:53:32 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (09/22/2014 10:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (09/22/2014 10:53:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (09/22/2014 10:53:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:17:36 AM on ‎9/‎22/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 5939.67 MB
Available physical RAM: 3859.32 MB
Total Pagefile: 11877.52 MB
Available Pagefile: 9567.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:219.51 GB) (Free:48.04 GB) NTFS
Drive e: (WMS - Zeus II) (CDROM) (Total:0.34 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 52B4AFB5)
Partition 1: (Active) - (Size=4.1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=219.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov (Malware Response Team)

Posted 22 September 2014 - 02:49 PM

Ok, now please do the following:


Step 1

Please download the attached fixlist.txt (838 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 stevenp61 (Topic Starter)

Posted 22 September 2014 - 04:01 PM

Here's the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by steve at 2014-09-22 16:53:39 Run:1
Running from C:\Users\steve\Desktop\UTILS\Security\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [Orics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\steve\AppData\Local\Ebtion\PythonctrlTime.dll
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [Igsoft] => regsvr32.exe C:\Users\steve\AppData\Local\Igsoft\SysUserKit4.dll <===== ATTENTION
C:\Users\steve\AppData\Local\Ebtion
C:\Users\steve\AppData\Local\Igsoft
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Policies\Explorer: [Run] "C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe
ShellIconOverlayIdentifiers: 1SecureIconsProvider -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
C:\ProgramData\Microsoft\Secure
Hosts:
EmptyTemp:
 
*****************
 
Processes closed successfully.
HKU\S-1-5-21-749296369-316787904-2774653599-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Orics => value deleted successfully.
HKU\S-1-5-21-749296369-316787904-2774653599-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Igsoft => value deleted successfully.
C:\Users\steve\AppData\Local\Ebtion => Moved successfully.
C:\Users\steve\AppData\Local\Igsoft => Moved successfully.
HKU\S-1-5-21-749296369-316787904-2774653599-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.
"C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe" => File/Directory not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
 
"C:\ProgramData\Microsoft\Secure" directory move:
 
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp847D.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure" directory. => Scheduled to move on reboot.
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 199.5 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-22 16:55:23)<=
 
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.
C:\ProgramData\Microsoft\Secure => Is moved successfully.
 
==== End of Fixlog ====
 
And here's the FRST log, from the scan after the fix and reboot:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by steve (administrator) on STEVE-PC on 22-09-2014 16:56:53
Running from C:\Users\steve\Desktop\UTILS\Security\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(FSL - Freesoftland) C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1357824 2013-06-26] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\MountPoints2: {705eebea-def1-11e3-9e9d-f0def1074b92} - G:\LaunchU3.exe -a
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\MountPoints2: {787f167b-ffbe-11e2-837a-00235ad6da54} - E:\WMS_Auto.exe
HKU\S-1-5-21-749296369-316787904-2774653599-1001\...\MountPoints2: {a129da56-c64a-11e3-b512-f0def1074b92} - F:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland)
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xwizard.lnk
ShortcutTarget: xwizard.lnk -> C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *  sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {890405EF-6F66-4282-8B0D-E57EBEF6B915} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll ()
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2EAD6592-66D5-4060-BF0A-7032A849D6BA}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7C5A5F03-917C-43B5-B627-61A44C154C4C}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CFD0AE7B-A652-4FFF-B4BE-E750853AFD51}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D61CE6B7-261A-43DC-9E6B-63D2B089C460}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E7B84712-7320-4B6A-8B58-F702691B2D05}: [NameServer] 8.8.8.8,8.8.8.8,4.2.2.1,209.184.47.61
 
FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @ascendo-inc/DataVault;version=1 -> C:\Program Files (x86)\DataVault\npapi.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\searchplugins\yahoo-avast.xml
FF Extension: Xmarks - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\foxmarks@kei.com [2014-06-23]
FF Extension: LastPass - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\support@lastpass.com [2014-03-05]
FF Extension: Forecastfox - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-12-21]
FF Extension: Flashblock - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-12-20]
FF Extension: DownloadHelper - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-14]
FF Extension: Classic Compact Options - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2013-12-20]
FF Extension: ScrapBook MAF Creator - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{1544D611-955F-4ceb-95D3-82C720C29EAE}.xpi [2014-03-07]
FF Extension: ScrapBook - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-07]
FF Extension: classiccompact - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2013-12-20]
FF Extension: Tab Mix Plus - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\4bmq4opk.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [datavault@ascendo.inc] - C:\Program Files (x86)\DataVault\firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-20]
 
Chrome: 
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Stop YouTube HTML5 Autoplay) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkibmginjljbmmpgnipfbcbmkcodaap [2014-09-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-08-26]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-07]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (FlashFree) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2014-09-07]
CHR Extension: (FlashBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-09-07]
CHR Extension: (avast! Online Security) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-26]
CHR Extension: (FVD Downloader) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-09-07]
CHR Extension: (Stop Autoplay for Youtube™ Extended) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnpbhnhmmjioijfgilcohbknkgfmpa [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\steve\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [idbmmgcdhhiblollphopejjpnkpdgbii] - C:\Program Files (x86)\DataVault\extension.crx [2013-03-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [File not signed]
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-09-03] (Lenovo.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2013-10-11] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Everything; C:\Program Files\Everything\Everything.exe [1357824 2013-06-26] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-11-17] (Glarysoft Ltd)
S3 BXOIS; C:\Windows\system32\drivers\bxois.sys [533544 2010-12-10] (Broadcom Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-09-20] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-10-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 16:54 - 2014-09-22 16:54 - 00001992 _____ () C:\Windows\PFRO.log
2014-09-22 14:57 - 2014-09-22 16:56 - 00000000 ____D () C:\FRST
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\Python34
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-09-22 10:53 - 2014-09-22 16:54 - 00000372 _____ () C:\Windows\error.log
2014-09-22 10:53 - 2014-09-22 16:54 - 00000168 _____ () C:\Windows\setupact.log
2014-09-22 10:53 - 2014-09-22 16:54 - 00000084 _____ () C:\Windows\errord.log
2014-09-22 10:53 - 2014-09-22 10:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 13:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 13:10 - 2014-09-22 11:42 - 00000000 ____D () C:\AdwCleaner
2014-09-21 13:07 - 2014-09-21 13:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-20 22:00 - 2014-09-22 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-20 21:31 - 2014-09-20 21:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-20 21:31 - 2014-09-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-20 21:21 - 2014-09-20 21:21 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieUserList
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieSiteList
2014-09-18 10:14 - 2014-09-18 10:14 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-16 00:41 - 2014-09-16 00:44 - 00001131 _____ () C:\Windows\SysWOW64\rsrorx32.LOG
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Outlook Repair
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Program Files (x86)\AOR
2014-09-15 18:21 - 2014-09-16 10:13 - 00000000 ____D () C:\Users\steve\Desktop\outlook mipl
2014-09-15 18:21 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\steve\Desktop\DataNumen Advanced Outlook Repair 3.4 [vokeon]
2014-09-02 12:40 - 2014-09-02 12:41 - 00000000 ____D () C:\Users\steve\Desktop\NYC
2014-09-01 08:53 - 2014-09-01 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 00:58 - 2014-09-21 13:39 - 00000000 ____D () C:\Users\steve\Desktop\NMR
2014-08-26 16:48 - 2014-08-26 16:48 - 00000000 ____D () C:\Users\steve\Documents\Garmin
2014-08-26 16:46 - 2014-08-26 18:11 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Garmin
2014-08-26 16:46 - 2014-08-26 18:11 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\Users\steve\AppData\Local\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Garmin
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 16:56 - 2014-09-22 14:57 - 00000000 ____D () C:\FRST
2014-09-22 16:55 - 2014-07-04 21:55 - 00000000 ___RD () C:\Users\steve\Google Drive
2014-09-22 16:55 - 2014-07-04 15:24 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-09-22 16:54 - 2014-09-22 16:54 - 00001992 _____ () C:\Windows\PFRO.log
2014-09-22 16:54 - 2014-09-22 10:53 - 00000372 _____ () C:\Windows\error.log
2014-09-22 16:54 - 2014-09-22 10:53 - 00000168 _____ () C:\Windows\setupact.log
2014-09-22 16:54 - 2014-09-22 10:53 - 00000084 _____ () C:\Windows\errord.log
2014-09-22 16:54 - 2013-12-20 22:33 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-09-22 16:54 - 2013-12-20 13:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 16:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 16:53 - 2014-07-09 18:30 - 01802298 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 16:51 - 2013-12-15 19:25 - 00000000 ____D () C:\Users\steve\Desktop\DLs
2014-09-22 16:47 - 2014-05-29 17:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 16:47 - 2013-12-20 13:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 14:08 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 14:08 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 14:07 - 2009-07-14 01:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 14:02 - 2013-12-20 18:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-22 14:00 - 2013-12-20 22:32 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Everything
2014-09-22 12:02 - 2014-09-20 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-22 11:42 - 2014-09-21 13:10 - 00000000 ____D () C:\AdwCleaner
2014-09-22 11:40 - 2014-07-09 11:47 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\Python34
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-09-22 10:53 - 2014-09-22 10:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 13:45 - 2013-12-07 20:40 - 00000000 ____D () C:\Users\steve\Desktop\fun
2014-09-21 13:42 - 2013-12-07 20:50 - 00000000 ____D () C:\Users\steve\Desktop\Pinball
2014-09-21 13:41 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\steve\Desktop\KINDLE ROOT
2014-09-21 13:39 - 2014-09-01 00:58 - 00000000 ____D () C:\Users\steve\Desktop\NMR
2014-09-21 13:07 - 2014-09-21 13:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-20 22:19 - 2014-07-09 11:47 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-20 22:18 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
2014-09-20 21:50 - 2014-01-18 14:21 - 00000000 ____D () C:\Users\steve\AppData\Roaming\vlc
2014-09-20 21:31 - 2014-09-20 21:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-20 21:31 - 2014-09-20 21:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-20 21:31 - 2014-09-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-20 21:31 - 2013-12-19 03:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-20 21:21 - 2014-09-20 21:21 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-20 21:21 - 2014-09-20 21:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-20 21:21 - 2014-01-18 22:03 - 00000000 ____D () C:\Program Files\Java
2014-09-20 21:19 - 2014-05-29 17:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-20 21:19 - 2013-08-07 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-20 21:19 - 2013-08-07 20:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-20 17:02 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-09-20 16:50 - 2013-12-20 22:36 - 00000000 ____D () C:\Users\steve\AppData\Roaming\uTorrent
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieUserList
2014-09-20 15:55 - 2014-09-20 15:55 - 00000000 __SHD () C:\Users\steve\AppData\Local\EmieSiteList
2014-09-18 16:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-09-18 10:14 - 2014-09-18 10:14 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-18 02:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:29 - 2014-03-05 15:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-16 10:13 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\steve\Desktop\outlook mipl
2014-09-16 00:44 - 2014-09-16 00:41 - 00001131 _____ () C:\Windows\SysWOW64\rsrorx32.LOG
2014-09-16 00:43 - 2013-12-20 19:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Outlook Repair
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Program Files (x86)\AOR
2014-09-15 18:21 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\steve\Desktop\DataNumen Advanced Outlook Repair 3.4 [vokeon]
2014-09-14 19:10 - 2014-01-04 17:42 - 00000000 ____D () C:\Users\steve\Desktop\BB
2014-09-13 16:41 - 2014-01-04 17:20 - 00001463 _____ () C:\Users\steve\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-13 16:41 - 2014-01-04 17:20 - 00001463 _____ () C:\Users\steve\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-02 12:41 - 2014-09-02 12:40 - 00000000 ____D () C:\Users\steve\Desktop\NYC
2014-09-02 12:40 - 2013-12-25 15:55 - 00000000 ____D () C:\Users\steve\Desktop\Anna's Docs
2014-09-02 12:38 - 2013-12-15 19:19 - 00000000 ____D () C:\Users\steve\Desktop\Dr Brenner
2014-09-01 20:07 - 2014-07-09 18:22 - 00000000 ____D () C:\Program Files (x86)\DataVault
2014-09-01 20:07 - 2014-05-29 18:42 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-01 20:07 - 2014-04-28 15:08 - 00000000 ____D () C:\Program Files\MediaInfo
2014-09-01 20:07 - 2014-04-19 01:18 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-01 20:07 - 2014-04-05 18:52 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-09-01 20:07 - 2013-12-20 22:32 - 00000000 ____D () C:\Program Files\Everything
2014-09-01 08:54 - 2014-09-01 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 00:59 - 2014-04-09 14:21 - 00000000 ____D () C:\Users\steve\Desktop\SPM job search 2014
2014-08-29 13:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 18:11 - 2013-12-08 00:10 - 00000000 ____D () C:\Users\steve\Desktop\Travel
2014-08-26 23:10 - 2013-12-07 19:58 - 00000000 ____D () C:\Users\steve\Desktop\AV-gadgets
2014-08-26 18:11 - 2014-08-26 16:46 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Garmin
2014-08-26 18:11 - 2014-08-26 16:46 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-26 16:48 - 2014-08-26 16:48 - 00000000 ____D () C:\Users\steve\Documents\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\Users\steve\AppData\Local\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-26 16:46 - 2014-08-26 16:46 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-26 16:46 - 2014-03-15 17:59 - 00000000 ____D () C:\Program Files\DIFX
2014-08-26 16:46 - 2014-03-01 18:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-26 13:46 - 2009-07-13 22:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140916-123048.backup
2014-08-25 00:48 - 2013-12-31 16:38 - 00000000 ____D () C:\Users\steve\AppData\Local\CutePDF Writer
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 13:10
 
==================== End Of Log ============================


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:09 AM

Posted 22 September 2014 - 07:21 PM

Hi,

it's looking better already. How is your computer running now? What problems or symptoms are still present (if any)?


Step 1

Please download the attached fixlist.txt (211 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

#7 stevenp61

stevenp61
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:09 AM

Posted 22 September 2014 - 11:13 PM

Done, and done. Haven't been using the computer until now to check/apply fixes; feeling a bit exposed.

Here are the Fixlog and Hitman log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by steve at 2014-09-23 00:05:25 Run:2
Running from C:\Users\steve\Desktop\UTILS\Security\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xwizard.lnk
ShortcutTarget: xwizard.lnk -> C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe (No File)
 
*****************
 
C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xwizard.lnk => Moved successfully.
C:\Users\steve\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe not found.
 
==== End of Fixlog ====
 
 
HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : STEVE-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : steve-PC\steve
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-09-23 00:07:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7
 
   Objects scanned . . . : 1,871,507
   Files scanned . . . . : 109,747
   Remnants scanned  . . : 389,167 files / 1,372,593 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\steve\Desktop\UTILS\Security\FRST\FRST64.exe
      Size . . . . . . . : 2,105,856 bytes
      Age  . . . . . . . : 0.4 days (2014-09-22 14:56:23)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : B36B465C69EE92024F9E2935C5CFBAE2683E2028A2FD0A8034A4187C4A7E36E7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\steve\Desktop\UTILS\Security\FRST\FRST64.exe
          0.0s C:\Users\steve\Desktop\UTILS\Security\FRST\FRST64.exe
          0.0s C:\Users\steve\Desktop\UTILS\Security\FRST\FRST64.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Wow6432Node\Taronja\ (MyStart)
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
 
Cookies _____________________________________________________________________
 
   C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
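As an added example (not FRST's code and not from this thread), the Python below reads the LinkInfo block of a Windows .lnk file and gives a Startup-folder shortcut a verdict in the spirit of the fixlog above: a target that no longer exists (the "(No File)" case of xwizard.lnk) or one that runs out of a user-writable profile path such as AppData\Roaming. The shortcut bytes are constructed with build_link, and the list of suspect directories is my own assumption.

```python
# Added example, not FRST's own code: parse the LinkInfo block of a Windows .lnk
# (MS-SHLLINK) and flag autostart shortcuts whose target is missing (FRST prints
# these as "(No File)") or whose target lives in a user-writable profile directory.
import os
import struct

HEADER_SIZE = 0x4C                                    # fixed ShellLinkHeader size
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02   # LinkFlags bits
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\temp\\")  # assumed list

def shortcut_target(data: bytes):
    """Return the local target path stored in a .lnk's LinkInfo, or None."""
    if struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link file")
    flags, pos = struct.unpack_from("<I", data, 20)[0], HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:               # skip the optional IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & HAS_LINK_INFO:
        return None
    # LinkInfo header: size, header size, flags, VolumeID off, base off, net off, suffix off
    info_flags, base_off, suffix_off = struct.unpack_from("<7I", data, pos)[2::2]
    if not info_flags & 0x01:                         # no LocalBasePath (network link)
        return None

    def cstr(off):                                    # NUL-terminated string in LinkInfo
        return data[pos + off:data.index(b"\x00", pos + off)].decode("cp1252", "replace")
    return cstr(base_off) + cstr(suffix_off)

def triage_link(data: bytes, exists=os.path.exists) -> str:
    """Verdict for one shortcut: 'no file', 'suspect location', 'unparsed' or 'ok'."""
    target = shortcut_target(data)
    if target is None:
        return "unparsed"
    if not exists(target):
        return "no file"                              # orphaned autostart, like xwizard.lnk
    if any(d in target.lower() for d in SUSPECT_DIRS):
        return "suspect location"                     # runs from a user-writable path
    return "ok"

def build_link(target: str) -> bytes:
    """Constructed minimal .lnk (header + LinkInfo) used to exercise the parser."""
    base = target.encode("cp1252") + b"\x00"
    volume = struct.pack("<4I", 17, 3, 0, 16) + b"\x00"   # VolumeID with an empty label
    info = struct.pack("<7I", 28 + len(volume) + len(base) + 1, 28, 1,
                       28, 28 + len(volume), 0, 28 + len(volume) + len(base))
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", HAS_LINK_INFO)
    return header.ljust(HEADER_SIZE, b"\x00") + info + volume + base + b"\x00"
```

On a live machine, read each .lnk under %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup and pass its bytes to triage_link; a "no file" verdict is the orphaned entry FRST removed here.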
#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:09 AM

Posted 23 September 2014 - 03:53 PM

It's looking good. :)

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#9 stevenp61

stevenp61
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 23 September 2014 - 04:30 PM

Thx!! Everything looks clean (ran ESET scan again) and no misdirected webpages now. Beer donated. :)



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:09 AM

Posted 23 September 2014 - 04:39 PM

Thank you very much for the beer.
Take care.

#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:09 AM

Posted 23 September 2014 - 04:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.