
Machine Hangs [memory leak?] & Cannot Restore


  • This topic is locked
11 replies to this topic

#1 herbvan


Posted 12 October 2014 - 03:31 PM

My PC has started to hang after a period of uptime (usually a few hours) and I cannot determine the cause. Research has indicated a memory leak or some sort of malware. Any System Restore attempts have failed to complete and issue an error. I've run all of the diagnostic programs that I can think of and I'm getting real frustrated. In an attempt to find this mysterious "Leak", I started to shut off services but haven't been successful yet.

Please find the attached file with my system info.
 
Thank you,
Herb

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/10/2014 6:34:09 AM
System Uptime: 10/12/2014 2:09:17 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0MFT5X
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz | SOCKET 0 | 1980/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 377.487 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Accidental Damage Services Agreement
Adblock Plus for IE (32-bit and 64-bit)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Reader XI MUI
Adobe Reader XI (11.0.09)
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Aimersoft DVD Copy(Build 2.5.1.5)
Apple Software Update
Audacity 2.0.5
Auslogics BoostSpeed 7
Banctec Service Agreement
Belarc Advisor 8.4
Beyond Compare 3.3.12
Bulk Rename Utility 2.7.1.3
Canon CanoScan Toolbox 5.0
Canon MP Navigator EX 4.0
CanoScan LiDE 110 Scanner Driver
Carbonite
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClipX
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Coupon Printer for Windows
CPUID CPU-Z 1.70
CuteFTP 9
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Digital Delivery
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell System Detect
Dell Touchpad
Dropbox
DSC/AA Factory Installer
DW WLAN Card Utility
EaseUS Todo Backup Home 6.5
Easy Graphic Converter 1.2
eM Client
File Uploader
Free FreeCell Solitaire 2012 v2.1
Free Spider Solitaire v5.0
Google Chrome
Google Update Helper
GreenCloud Printer 7.7.2.1
HD Tune Pro 5.50
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 67
Java Auto Updater
Jump Desktop
LAME v3.99.3 (for Windows)
Light Image Resizer 4.6.5.0
Logitech Solar App 1.10
Logo Design Studio Pro
LSI USB 2.0 Soft Modem
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Internet Security
McAfee SiteAdvisor
Media Jukebox 14
melon 3.78
Microsoft .NET Framework 4.5.1
Microsoft Office
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MP3 Audio Editor v9.6.2
Mp3Doctor PRO
Mp3Gain PRO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicTracker 1.0
My Dell
Nikon Message Center
Nikon Transfer
Nuance PDF Converter Professional 7
Pinnacle Studio 12
Pinnacle Video Driver
Premium Service Agreement
QualxServ Service Agreement
Quickset64
Realtek Card Reader
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Shutdown Command 1.1
Skype™ 6.21
Snarl 3.1
Solitaire XP version 1.2
Spider Solitaire
TightVNC 2.0.2
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
USB VGA Display Driver
VideoPad Video Editor
VLC media player
WavePad Sound Editor
WIDCOMM Bluetooth Software
WinMerge 2.14.0
Wireless Audio - Multiroom for Desktop
.
==== Event Viewer Messages From Past Week ========
.
10/8/2014 12:01:58 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
10/5/2014 10:17:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
10/5/2014 10:17:53 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2014 5:41:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
10/12/2014 5:41:07 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2014 2:49:54 PM, Error: Service Control Manager [7034] - The VPDAgent service terminated unexpectedly. It has done this 1 time(s).
10/12/2014 2:44:05 PM, Error: Service Control Manager [7034] - The EaseUS Agent Service service terminated unexpectedly. It has done this 1 time(s).
10/12/2014 2:14:07 PM, Error: Service Control Manager [7000] - The Dell Digital Delivery Service service failed to start due to the following error: The system cannot find the file specified.
10/12/2014 2:10:09 PM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.
10/12/2014 2:10:05 PM, Error: Service Control Manager [7000] - The DW WLAN Tray Service service failed to start due to the following error: The system cannot find the file specified.
10/12/2014 11:08:54 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
10/12/2014 10:39:00 AM, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/12/2014 10:31:47 AM, Error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
10/12/2014 10:30:29 AM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
10/12/2014 10:25:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
10/11/2014 8:38:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:28:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800f4abb30, 0xfffffa800f4abe10, 0xfffff80003be1270). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101114-47471-01.
10/11/2014 7:09:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/11/2014 7:09:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
10/11/2014 7:07:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/11/2014 7:06:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/11/2014 7:06:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/11/2014 7:06:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/11/2014 7:06:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/11/2014 7:05:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/11/2014 7:05:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
10/11/2014 7:05:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/11/2014 7:04:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache EUDSKACS EUFDDISK mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The VPDAgent service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The McAfee AP Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 7:04:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 12:00:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Jump Desktop Service service to connect.
10/11/2014 12:00:32 PM, Error: Service Control Manager [7000] - The Jump Desktop Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2014 11:59:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800673eb50, 0xfffff80000b9c3d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101114-58203-01.
10/11/2014 11:48:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EaseUS Agent service.
10/11/2014 11:47:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.
10/11/2014 11:47:08 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/11/2014 10:20:08 AM, Error: Service Control Manager [7034] - The DW WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2014 9:56:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/10/2014 10:37:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================


Edited by Oh My!, 17 October 2014 - 08:03 PM.
Posted log




#2 HelpBot


Posted 17 October 2014 - 03:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/551715 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

  • Malware Response Instructor

Posted 17 October 2014 - 08:01 PM

Greetings Herb and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 herbvan

  • Topic Starter

Posted 20 October 2014 - 09:05 AM

Hello,
   Thank you for your help with this. I cannot do a System Restore to any of the Restore points (Manual or Automatic). It runs for a while and then fails.
 
Herb
 
Attached File  Addition.zip   24.88KB   3 downloads
Attached File  FRST.zip   13.89KB   2 downloads
Attached File  SysInfo.zip   99.88KB   2 downloads

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Herb (administrator) on HERB-DELL-I7 on 20-10-2014 09:41:56
Running from C:\Users\Herb\Downloads
Loaded Profile: Herb (Available profiles: Herb)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Windows\System32\flvga_tray.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Herb\Downloads\dsksve8\DeskSave.exe
(full phat products) C:\Program Files (x86)\full phat\Snarl\snarl.exe
(Limbo Software Solutions) C:\Users\Herb\Documents\Version 1 Final++\Version 1 Final++\Activity Indicator 1.1.4.29.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\ClipX\clipx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Jonus Conrad & Noer.IT) C:\Program Files (x86)\full phat\Snarl\extensions\AudioMon\snarl-audiomon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(eM Client, Inc.) C:\Program Files (x86)\eM Client\MailClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Cubic Reality Software) C:\Program Files (x86)\CubicExplorer_dev\CubicExplorer.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\Iedit.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [380928 2013-08-25] ()
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-11-30] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [1787752 2011-09-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2011-09-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 7-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe [333672 2011-09-06] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3067209623-2706563841-4154601197-1000\...\Run: [DeskSave] => C:\Users\Herb\Downloads\dsksve8\DeskSave.exe [82944 2008-07-26] ()
HKU\S-1-5-21-3067209623-2706563841-4154601197-1000\...\Run: [Snarl] => C:\Program Files (x86)\full phat\Snarl\snarl.exe [1441792 2014-01-20] (full phat products)
HKU\S-1-5-21-3067209623-2706563841-4154601197-1000\...\Run: [Activity Indicator] => C:\Users\Herb\Documents\Version 1 Final++\Version 1 Final++\Activity Indicator 1.1.4.29.exe [742400 2014-09-14] (Limbo Software Solutions)
HKU\S-1-5-21-3067209623-2706563841-4154601197-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3067209623-2706563841-4154601197-1000\...\Run: [DellSystemDetect] => C:\Users\Herb\AppData\Local\Apps\2.0\WENQ1N1D.RDL\L5Q21678.9J2\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe [267328 2014-09-24] (Dell)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6696724C-55BC-4413-8EE1-A875BB943D97} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6696724C-55BC-4413-8EE1-A875BB943D97} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {6696724C-55BC-4413-8EE1-A875BB943D97} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {6696724C-55BC-4413-8EE1-A875BB943D97} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {915C26C6-FD63-48E5-8D03-A6FE3AEAF602} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140915&p={SearchTerms}
SearchScopes: HKCU - {6696724C-55BC-4413-8EE1-A875BB943D97} URL =
SearchScopes: HKCU - {915C26C6-FD63-48E5-8D03-A6FE3AEAF602} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140915&p={SearchTerms}
SearchScopes: HKCU - {BABC9345-C268-4462-9D1A-8EBA735A0164} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default
FF SearchEngineOrder.1: Secure Search
FF Homepage: hxxp://www.foxnews.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US0&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Auto Refresh - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\autorefresh@plugin.xpi [2014-09-10]
FF Extension: Classic Theme Restorer - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-09-10]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\extension@hidemyass.com.xpi [2014-09-10]
FF Extension: FindBar Tweak - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\fbt@quicksaver.xpi [2014-09-10]
FF Extension: History Button - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\historybutton@darktrojan.net.xpi [2014-09-10]
FF Extension: Restart - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\Restart@schuzak.jp.xpi [2014-09-10]
FF Extension: Adblock Plus - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-10]
FF Extension: Zoom toolbar - C:\Users\Herb\AppData\Roaming\Mozilla\Firefox\Profiles\aupxuad8.default\Extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}.xpi [2014-10-14]
FF Extension: PDF Converter 7.1 - C:\Program Files (x86)\Nuance\PDF Professional 7\FireFox [2014-09-14]
FF Extension: No Name - nuance@pdf7 [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-10]
CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-10]
CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12]
CHR Extension: (YouTube) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-10]
CHR Extension: (Adblock Plus) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-12]
CHR Extension: (Google Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-10]
CHR Extension: (Google Sheets) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-10]
CHR Extension: (SiteAdvisor) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-15]
CHR Extension: (Google Wallet) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-10]
CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [168960 2013-08-28] (Two Pilots) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 ddmgr; C:\Windows\system32\ddmgr.exe [840864 2013-10-01] (OSBASE)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-09-17] (Macrovision Europe Ltd.) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2012-05-18] (Phase Five Systems) [File not signed]
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River, Inc.)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [316416 2014-10-13] (Microsoft Corporation) [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6170624 2013-11-27] (Dell Inc.) [File not signed]
S2 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe" Start=service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-11-27] (Broadcom Corporation.)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [168096 2013-10-01] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [17056 2013-10-01] (OSBASE)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [170664 2013-10-02] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-14] ()
R0 xssflt; C:\Windows\System32\Drivers\xssflt.sys [87112 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:41 - 2014-10-20 09:42 - 00026600 _____ () C:\Users\Herb\Downloads\FRST.txt
2014-10-20 09:41 - 2014-10-20 09:41 - 02111488 _____ (Farbar) C:\Users\Herb\Downloads\FRST64.exe
2014-10-20 09:41 - 2014-10-20 09:41 - 00000000 ____D () C:\FRST
2014-10-20 00:57 - 2014-10-20 00:57 - 00000056 _____ () C:\Windows\setupact.log
2014-10-20 00:57 - 2014-10-20 00:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-16 14:06 - 2014-10-16 14:06 - 00017200 _____ () C:\Users\Herb\Desktop\Restore Report 10-16-2014 02-03-38PM.html
2014-10-16 14:02 - 2014-10-16 14:02 - 00017170 _____ () C:\Users\Herb\Desktop\Restore Report 10-16-2014 01-59-38PM.html
2014-10-16 10:17 - 2014-10-16 10:17 - 00001388 _____ () C:\1920x1080_20141016.dsv
2014-10-15 18:42 - 2014-10-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-10-14 21:33 - 2014-10-14 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-14 18:45 - 2014-10-14 18:45 - 03742594 _____ (CubicReality Software) C:\Users\Herb\Downloads\CubicExplorer_SVN_Setup.exe
2014-10-14 18:45 - 2014-10-14 18:45 - 00001101 _____ () C:\Users\Herb\Desktop\CubicExp.lnk
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubicExplorer_dev
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer_dev
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Program Files (x86)\CubicExplorer_dev
2014-10-14 17:29 - 2014-10-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-14 17:29 - 2014-10-14 17:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-14 17:29 - 2014-10-14 17:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-14 17:29 - 2014-10-14 17:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-14 17:29 - 2014-10-14 17:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-14 17:28 - 2014-10-14 17:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 14:27 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 14:27 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 14:27 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 14:27 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 14:27 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 14:27 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 14:27 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 14:27 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 14:27 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 14:27 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 14:27 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 14:27 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 14:27 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 14:27 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 14:27 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 14:27 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 14:24 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 14:24 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 14:24 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 14:24 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 14:24 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 14:24 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 14:24 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 14:24 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 14:24 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 14:24 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 14:24 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 14:24 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 13:57 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 13:57 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 13:57 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 13:57 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 13:57 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 13:57 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 13:57 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 13:56 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 13:56 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 13:56 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 13:56 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 13:56 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 13:56 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 13:56 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 13:56 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 13:56 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 13:56 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 13:56 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 13:56 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 13:56 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 13:56 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 13:56 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 13:56 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 13:55 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 13:55 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 13:55 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 13:55 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 13:55 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 13:55 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 13:55 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 13:55 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 13:55 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 13:55 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 13:55 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 13:55 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 13:55 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 13:55 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 13:55 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 13:55 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 13:55 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 13:55 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 13:55 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 13:55 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 13:55 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 13:55 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 13:55 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 13:55 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 13:55 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 13:55 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 13:55 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 13:55 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 13:53 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 13:53 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 13:53 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 13:52 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 13:52 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 13:52 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 13:52 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 13:52 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 13:52 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 13:52 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 13:52 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 13:52 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 13:52 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 13:52 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 13:52 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 13:52 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 13:52 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 13:52 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 13:52 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 13:52 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 13:52 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 13:52 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 13:52 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 13:52 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 13:52 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 13:52 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 13:52 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 13:52 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 13:52 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 13:52 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 13:52 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 13:52 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 13:52 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 13:52 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 13:52 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 13:52 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 13:52 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 13:52 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 13:52 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 13:52 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 13:52 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 13:52 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 13:52 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 13:52 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 13:52 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 13:52 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 13:52 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 13:52 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 13:52 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 13:52 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 13:52 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 13:52 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 13:52 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 13:52 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 13:52 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 13:52 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 13:52 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 13:52 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 13:52 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 13:51 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 13:51 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 13:51 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 13:51 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 13:50 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:50 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 09:02 - 2013-08-28 14:05 - 00168960 _____ (Two Pilots) C:\Windows\VPDAgent_x64.exe
2014-10-14 09:02 - 2012-03-06 10:05 - 00054784 _____ () C:\Windows\system32\gcprpm.dll
2014-10-14 09:00 - 2014-10-14 09:00 - 00000000 ____D () C:\ProgramData\ObviousIdea
2014-10-14 09:00 - 2014-10-14 09:00 - 00000000 ____D () C:\Program Files\ObviousIdea
2014-10-14 09:00 - 2013-08-16 19:16 - 05716992 _____ (Two Pilots) C:\Windows\system32\PDFCreatorPilot.dll
2014-10-14 08:51 - 2014-10-14 08:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Herb\Downloads\MicrosoftFixit.Printing.Run.exe
2014-10-14 08:50 - 2014-10-14 08:52 - 16999712 _____ (ObviousIdea ) C:\Users\Herb\Downloads\greencloud_printer_setup_7.7.2.1.exe
2014-10-14 07:26 - 2014-10-14 07:26 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\AVG2015
2014-10-14 07:24 - 2014-10-14 07:24 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-14 07:24 - 2014-10-14 07:24 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\TuneUp Software
2014-10-14 07:24 - 2014-10-14 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-14 07:22 - 2014-10-20 01:06 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-14 07:22 - 2014-10-14 07:22 - 00000000 ___HD () C:\$AVG
2014-10-14 07:20 - 2014-10-14 07:20 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-14 06:43 - 2014-10-20 09:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 06:43 - 2014-10-14 07:45 - 00000000 ____D () C:\Users\Herb\AppData\Local\Avg2015
2014-10-14 06:43 - 2014-10-14 06:43 - 04579176 _____ (AVG Technologies) C:\Users\Herb\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-14 06:43 - 2014-10-14 06:43 - 00000000 ____D () C:\Users\Herb\AppData\Local\MFAData
2014-10-14 06:32 - 2014-10-14 06:32 - 00030396 _____ () C:\ComboFix.txt
2014-10-14 06:21 - 2014-10-14 06:32 - 00000000 ____D () C:\Qoobox
2014-10-14 06:21 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-14 06:21 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-14 06:21 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-14 06:21 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-14 06:21 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-14 06:21 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-14 06:21 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-14 06:21 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-14 06:20 - 2014-10-14 06:30 - 00000000 ____D () C:\Windows\erdnt
2014-10-14 06:19 - 2014-10-16 14:02 - 00000000 ____D () C:\Users\Herb\AppData\Local\CrashDumps
2014-10-14 06:19 - 2014-10-14 06:19 - 05582915 ____R (Swearware) C:\Users\Herb\Downloads\ComboFix.exe
2014-10-14 06:15 - 2014-10-14 06:15 - 18495064 _____ () C:\Users\Herb\Downloads\RogueKillerX64.exe
2014-10-14 06:07 - 2014-10-14 06:15 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-14 06:07 - 2014-10-14 06:07 - 15677528 _____ () C:\Users\Herb\Downloads\RogueKiller.exe
2014-10-14 06:07 - 2014-10-14 06:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-14 06:02 - 2014-10-14 06:04 - 00000404 _____ () C:\Users\Herb\Downloads\RootkitRemover_20141014_060232.log
2014-10-14 06:02 - 2014-10-14 06:02 - 00783120 _____ (McAfee, Inc.) C:\Users\Herb\Downloads\rootkitremover.exe
2014-10-13 20:46 - 2014-10-13 20:46 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spoolsv.exe
2014-10-13 20:46 - 2014-10-13 20:46 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spoolss.dll
2014-10-13 20:45 - 2014-10-13 20:45 - 01880096 _____ () C:\Users\Herb\Downloads\Print-Spooler-Repair-Tool.exe
2014-10-13 20:45 - 2014-10-13 20:45 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacle.exe
2014-10-13 20:45 - 2014-10-13 20:45 - 00000000 ____D () C:\Program Files\PSRT
2014-10-13 20:27 - 2014-10-13 20:27 - 00000000 ____D () C:\Users\Herb\Themes
2014-10-13 20:27 - 2013-01-12 16:10 - 00357376 _____ () C:\Users\Herb\telemetry.dat
2014-10-13 20:27 - 2011-11-18 09:32 - 00000143 _____ () C:\Users\Herb\settings.xml
2014-10-13 20:05 - 2014-10-20 01:07 - 00355352 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 19:29 - 2014-10-13 19:29 - 00000000 ____D () C:\Users\Herb\Downloads\backups
2014-10-13 17:02 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-13 17:02 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 10:03 - 2014-09-24 10:03 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Intel Corporation
2014-09-24 10:02 - 2014-09-24 10:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-24 10:00 - 2014-09-24 10:00 - 23663384 _____ (Dell Inc.) C:\Users\Herb\Downloads\Serial-ATA_Driver_NX86M_WN_12.8.2.1000_A00.EXE
2014-09-24 09:49 - 2013-08-05 13:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-09-24 09:48 - 2014-09-24 09:48 - 17715248 _____ (Dell Inc.) C:\Users\Herb\Downloads\Chipset_Driver_DKG7G_WN_9.4.0.1026_A00.EXE
2014-09-24 09:41 - 2014-09-24 09:42 - 65189960 _____ (Dell Inc.) C:\Users\Herb\Downloads\Chipset_Driver_P6Y5H_WN_9.5.24.1790_A00.EXE
2014-09-24 09:38 - 2014-09-24 09:38 - 05802600 _____ () C:\Users\Herb\Downloads\3442A04.EXE
2014-09-24 09:33 - 2014-09-24 09:33 - 00000000 ____D () C:\Users\Herb\AppData\Local\Citrix
2014-09-24 09:33 - 2014-09-24 09:33 - 00000000 ____D () C:\ProgramData\Citrix
2014-09-24 09:33 - 2014-09-24 09:33 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-24 08:43 - 2014-09-24 08:43 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-24 08:01 - 2014-09-24 08:01 - 00001793 _____ () C:\Users\Herb\Desktop\Wavosaur.lnk
2014-09-24 07:52 - 2014-09-24 07:52 - 00000000 _____ () C:\Windows\system32\lame_enc.dll
2014-09-24 07:51 - 2014-09-24 07:51 - 00155483 _____ () C:\Users\Herb\Downloads\lame_enc.dll.zip
2014-09-24 07:51 - 2014-09-24 07:51 - 00000000 ____D () C:\Users\Herb\Downloads\lame_enc.dll
2014-09-24 07:47 - 2014-09-24 08:03 - 00000000 ____D () C:\Users\Herb\Downloads\Wavosaur.1.1.0.0-x86(en)
2014-09-24 07:47 - 2014-09-24 07:47 - 00295359 _____ () C:\Users\Herb\Downloads\Wavosaur.1.1.0.0-x86(en).zip
2014-09-24 06:58 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 06:58 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 18:15 - 2014-09-24 07:37 - 00891865 _____ () C:\Users\Herb\Downloads\lame3.99.5-64.zip
2014-09-23 18:15 - 2014-09-24 07:37 - 00000000 ____D () C:\Users\Herb\Downloads\lame3.99.5-64
2014-09-23 14:33 - 2014-09-24 07:45 - 00000000 ____D () C:\Users\Herb\Downloads\Wavosaur.1.1.0.0-x64(en)
2014-09-23 14:33 - 2014-09-24 07:19 - 01378561 _____ () C:\Users\Herb\Downloads\Wavosaur.1.1.0.0-x64(en).zip
2014-09-23 12:59 - 2014-09-23 18:19 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-09-23 12:58 - 2014-09-23 18:19 - 00527423 _____ ( ) C:\Users\Herb\Downloads\Lame_v3.99.3_for_Windows.exe
2014-09-23 12:51 - 2014-09-23 18:35 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Audacity
2014-09-23 12:51 - 2014-09-23 12:51 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-09-23 12:50 - 2014-09-23 12:51 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-23 12:50 - 2014-09-23 12:50 - 22180353 _____ (Audacity Team ) C:\Users\Herb\Downloads\audacity-win-2.0.5.exe
2014-09-23 12:44 - 2014-09-23 12:50 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Mp3 Audio Editor
2014-09-23 12:44 - 2014-09-23 12:45 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\New Version Available
2014-09-23 12:44 - 2014-09-23 12:44 - 16288032 _____ (Copyright© 2005-2014 MAESystems, Inc. ) C:\Users\Herb\Downloads\Mp3AudioEditor_CNET.exe
2014-09-23 12:44 - 2014-09-23 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Audio Editor
2014-09-23 12:44 - 2014-09-23 12:44 - 00000000 ____D () C:\Program Files (x86)\MP3 Audio Editor
2014-09-23 12:44 - 2006-03-23 12:56 - 00113486 _____ () C:\Windows\SysWOW64\NCTWMAProfiles.prx
2014-09-23 12:44 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioInformation2.dll
2014-09-23 12:44 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\NCTAudioFile2.dll
2014-09-23 12:44 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioRecord2.dll
2014-09-23 12:44 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioPlayer2.dll
2014-09-23 12:44 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioEditor2.dll
2014-09-23 12:44 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioTransform2.dll
2014-09-23 12:44 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTAudioVisualization2.dll
2014-09-23 12:44 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\Windows\SysWOW64\NCTTextToAudio2.dll
2014-09-23 12:44 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\Windows\SysWOW64\NCTWMAFile2.dll
2014-09-23 12:44 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\Windows\SysWOW64\NCTAudioCDGrabber2.dll
2014-09-23 12:29 - 2014-09-23 12:29 - 00671232 _____ () C:\Users\Herb\Downloads\MicrosoftFixit50688.msi
2014-09-23 12:14 - 2014-09-23 12:14 - 00001911 _____ () C:\Users\Herb\Desktop\Mp3Doctor PRO.lnk
2014-09-23 09:23 - 2014-09-23 09:23 - 00000000 ____D () C:\Users\Herb\Documents\Mixpad Projects
2014-09-23 07:01 - 2014-09-24 08:43 - 00000000 ____D () C:\Users\Herb\AppData\Local\Deployment
2014-09-22 12:34 - 2014-09-23 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3Doctor PRO
2014-09-22 12:34 - 2014-09-23 12:14 - 00000000 ____D () C:\Program Files (x86)\Mp3DoctorPRO
2014-09-22 12:33 - 2014-09-23 12:14 - 01415078 _____ () C:\Users\Herb\Downloads\mp3doctor.zip
2014-09-22 11:28 - 2014-09-23 09:52 - 00000000 ____D () C:\Program Files (x86)\Mp3DoctorPRO 2
2014-09-22 11:28 - 2014-09-23 06:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3Doctor PRO 2
2014-09-22 11:27 - 2014-09-22 11:27 - 05439553 _____ () C:\Users\Herb\Downloads\Mp3DoctorPRO2.zip
2014-09-22 11:21 - 2014-09-23 09:52 - 00000000 ____D () C:\Program Files (x86)\Mp4Gain
2014-09-22 11:20 - 2014-09-22 11:20 - 08056825 _____ () C:\Users\Herb\Downloads\Mp4Gain.zip
2014-09-22 11:11 - 2014-09-22 11:11 - 02032624 _____ () C:\Users\Herb\Downloads\mp3gainpro.zip
2014-09-22 08:36 - 2014-09-22 08:36 - 00001352 _____ () C:\1920x1080_20140922.dsv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:42 - 2014-09-14 15:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-20 09:36 - 2014-09-15 12:25 - 00258563 _____ () C:\Windows\system32\gcpr
2014-10-20 09:09 - 2014-09-10 11:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 09:06 - 2014-09-10 06:41 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-20 09:00 - 2014-09-15 11:23 - 00060675 _____ () C:\Users\Herb\AppData\Roaming\Clock+.log
2014-10-20 08:52 - 2014-07-06 14:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 08:33 - 2014-09-11 09:31 - 00000590 _____ () C:\Windows\ULead32.ini
2014-10-20 08:15 - 2014-09-10 09:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 07:35 - 2014-09-12 08:33 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\eM Client
2014-10-20 01:09 - 2014-09-10 11:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 01:08 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 01:08 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 01:04 - 2014-09-10 11:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 01:04 - 2014-09-10 11:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 01:03 - 2014-07-06 14:57 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-20 00:57 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 22:38 - 2014-09-11 10:38 - 00007629 _____ () C:\Users\Herb\AppData\Local\Resmon.ResmonCfg
2014-10-16 17:40 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-16 15:00 - 2014-09-10 09:17 - 00000000 ___RD () C:\Users\Herb\Desktop\Cleanup Tools
2014-10-16 13:05 - 2014-07-06 14:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-16 11:56 - 2014-07-06 14:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-16 11:55 - 2014-09-12 07:40 - 00000000 ____D () C:\Users\Herb\AppData\Local\Adobe
2014-10-16 11:55 - 2014-09-10 06:38 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Adobe
2014-10-16 11:43 - 2014-09-10 13:23 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\ObviousIdea
2014-10-16 11:24 - 2014-09-10 13:06 - 00000000 ____D () C:\Users\Herb\Herb Music Hold
2014-10-16 10:39 - 2014-09-10 10:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 08:30 - 2014-09-12 08:33 - 00000968 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-10-16 08:30 - 2014-09-12 08:33 - 00000000 ____D () C:\Program Files (x86)\eM Client
2014-10-15 18:40 - 2014-09-10 12:15 - 17265240 _____ (Auslogics Labs Pty Ltd ) C:\Users\Herb\Downloads\boost-speed-setup.exe
2014-10-15 11:07 - 2014-09-16 16:46 - 00000000 ____D () C:\Users\Herb\Documents\eM Client
2014-10-14 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-14 18:39 - 2014-09-10 08:38 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\CubicExplorer
2014-10-14 18:27 - 2014-09-12 08:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-14 17:17 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-14 17:12 - 2009-07-14 00:45 - 00608992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 17:08 - 2014-09-10 10:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 17:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 17:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 14:48 - 2014-09-10 09:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 14:29 - 2014-09-10 09:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 14:21 - 2014-09-15 10:32 - 00000000 ____D () C:\Program Files (x86)\WinMerge
2014-10-14 13:56 - 2014-09-10 06:34 - 00000000 ____D () C:\Users\Herb
2014-10-14 10:17 - 2014-09-11 11:22 - 00000000 ____D () C:\Windows\pss
2014-10-14 09:06 - 2014-09-14 15:26 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-14 09:00 - 2014-09-10 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ObviousIdea
2014-10-14 07:33 - 2014-09-15 11:09 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-10-14 06:48 - 2014-09-11 09:36 - 00000000 ____D () C:\Users\Herb\AppData\Local\Apps\2.0
2014-10-14 06:35 - 2014-09-15 11:59 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-14 06:29 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-14 06:03 - 2014-07-06 14:53 - 00000000 ____D () C:\Program Files\mcafee
2014-10-14 06:01 - 2014-07-06 14:53 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-13 22:58 - 2009-07-14 01:13 - 00783646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 21:43 - 2014-09-10 08:37 - 00000000 ____D () C:\Program Files (x86)\CubicExplorer
2014-10-13 18:29 - 2014-09-10 06:41 - 00003632 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-13 16:57 - 2014-09-15 12:03 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-13 16:54 - 2014-07-06 14:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-13 16:53 - 2014-07-06 14:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-13 16:53 - 2014-07-06 14:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 10:03 - 2011-02-10 12:10 - 00799376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-24 10:02 - 2014-07-06 14:43 - 00000000 ____D () C:\ProgramData\Intel
2014-09-24 10:02 - 2014-07-06 14:42 - 00000000 ____D () C:\Program Files\Intel
2014-09-24 08:28 - 2014-09-11 11:18 - 00420552 _____ () C:\Users\Herb\Downloads\DellSystemDetect.exe
2014-09-24 08:01 - 2014-09-15 10:45 - 00000000 ____D () C:\Users\Herb\Desktop\Misc Players
2014-09-23 21:41 - 2014-09-15 22:15 - 00001029 _____ () C:\Windows\cdplayer.ini
2014-09-23 12:10 - 2014-09-15 11:23 - 00011534 _____ () C:\Users\Herb\AppData\Roaming\TMinus.log
2014-09-23 11:49 - 2014-09-15 10:44 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-09-23 10:48 - 2014-07-06 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-23 09:52 - 2014-09-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3Gain PRO
2014-09-23 09:52 - 2014-09-15 10:36 - 00000000 ____D () C:\Program Files (x86)\Mp3GainPRO
2014-09-23 09:52 - 2014-09-11 11:43 - 00000000 ____D () C:\Program Files (x86)\ClipX
2014-09-23 09:52 - 2014-09-10 16:35 - 00000000 ____D () C:\Program Files\Bulk Rename Utility
2014-09-23 09:52 - 2014-07-06 14:45 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-09-23 09:52 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-09-23 09:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-23 09:51 - 2014-09-15 10:44 - 00000000 ____D () C:\ProgramData\NCH Software
2014-09-23 09:51 - 2014-09-15 10:44 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-09-23 09:51 - 2014-07-06 14:40 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-23 08:08 - 2014-09-10 11:24 - 00000392 _____ () C:\Users\Public\MP3GainProCode.txt
2014-09-23 07:24 - 2014-07-06 14:40 - 00000000 ____D () C:\ProgramData\Dell
2014-09-22 10:44 - 2014-09-15 10:44 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\NCH Software
2014-09-22 09:49 - 2014-09-19 14:09 - 00001602 _____ () C:\Users\Herb\Documents\E-Basy.bru

Files to move or delete:
====================
C:\Users\Herb\telemetry.dat
C:\Users\Public\CreateRP.VBS
C:\Users\Public\RunClubSanDisk.exe
C:\Users\Public\RunSanDiskSecureAccess_Win.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 13:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014
Ran by Herb at 2014-10-20 09:42:57
Running from C:\Users\Herb\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_7328fdfcb73660ec8b11d5a3d5c6232) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Aimersoft DVD Copy(Build 2.5.1.5) (HKLM-x32\...\Aimersoft DVD Copy_is1) (Version: - Aimersoft Software)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.3.2.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4181 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Beyond Compare 3.3.12 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.12.18414 - Scooter Software)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version: - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
ClipX (HKLM-x32\...\ClipX) (Version: - )
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.11.0.2 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.99 - Dell Inc.)
EaseUS Todo Backup Home 6.5 (HKLM-x32\...\EaseUS Todo Backup Home 6.5 Trial_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
Easy Graphic Converter 1.2 (HKLM-x32\...\Easy Graphic Converter 1.2_is1) (Version: 1.1 - Etru Software Development)
eM Client (HKLM-x32\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Free FreeCell Solitaire 2012 v2.1 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version: - TreeCardGames)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version: - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GreenCloud Printer 7.7.2.1 (HKLM\...\{F36B43F0-3BE6-48BA-A22D-3C098092BB3F}_is1) (Version: 7.7.2.1 - ObviousIdea)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jump Desktop (HKLM-x32\...\{CAFC9C62-7C33-44C1-B317-F94287756CAA}) (Version: 3.2.5 - Phase Five Systems)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Light Image Resizer 4.6.5.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.5.0 - ObviousIdea)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logo Design Studio Pro (HKLM-x32\...\{58BC2FF4-68A5-4D8A-B0B0-33C2CDCA2F2D}) (Version: 1.5 - Summitsoft Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Media Jukebox 14 (HKLM-x32\...\Media Jukebox 14) (Version: 14 - J. River, Inc.)
melon 3.78 (HKLM-x32\...\melon) (Version: 3.78 - k23 productions)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MP3 Audio Editor v9.6.2 (HKLM-x32\...\MP3 Audio Editor_is1) (Version: - Copyright© 2005-2014 MAESystems, Inc.)
Mp3Doctor PRO (HKLM-x32\...\Mp3Doctor PRO_is1) (Version: 1.04 - Pro-Software.)
Mp3Gain PRO (HKLM-x32\...\Mp3Gain PRO_is1) (Version: 1.02 - Pro-Software.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicTracker 1.0 (HKLM-x32\...\MusicTracker 1.0) (Version: - )
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Nuance PDF Converter Professional 7 (HKLM\...\{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}) (Version: 7.20.6160 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM-x32\...\{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}) (Version: 7.20.6160 - Nuance Communications, Inc.)
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.1.6173 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shutdown Command 1.1 (HKLM-x32\...\{F19B4819-DCDB-44D8-9AF5-DDDAF90E4350}_is1) (Version: - shutdowncommand.com)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snarl 3.1 (HKLM-x32\...\Snarl) (Version: 3.1 - full phat products)
Solitaire XP version 1.2 (HKLM-x32\...\{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1) (Version: 1.2 - SOLITAIREXP.COM)
Spider Solitaire (HKLM-x32\...\com.novelgames.flashgames.spidersolitaire) (Version: 1.6.3 - Novel Games Limited)
Spider Solitaire (x32 Version: 1.6.3 - Novel Games Limited) Hidden
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
USB VGA Display Driver (HKLM\...\{D9295A3E-BCEB-474A-AA41-57DFB2E45B76}) (Version: 1.1.202.0 - USB to VGA Device)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.51 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4800 - Broadcom Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-14 06:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C1CB4B6-E3F3-4C72-9585-018ACD7F6FAF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {35A71808-E216-488F-8C5D-95CD8EBE224C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {55783EB8-2F56-4E59-BEF7-F139858F39A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-13] (Adobe Systems Incorporated)
Task: {7BB7A8F2-A51A-4576-993B-48F1221C2026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {8C77B60D-C650-4FBA-BEC6-1707A0E29372} - System32\Tasks\Fix Hacks Chrome => C:\Users\Herb\Desktop\Fix Hacks\FixCrapLoadIE-4-Chrome.bat [2014-08-29] ()
Task: {960CBB6C-F10C-431E-9A77-40F73A4515E8} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9A611EBA-EA5D-4238-BE1D-CE84E22CFDA0} - System32\Tasks\Create Restore Point => C:\Users\Herb\Desktop\Cleanup Tools\CreateRP.VBS [2012-05-07] ()
Task: {A460A89C-5216-4CBD-A063-E0034EBF34DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {AA0063DB-9315-4FE7-9365-961B5EEBF952} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-14 09:02 - 2012-03-06 10:05 - 00054784 _____ () C:\Windows\System32\gcprpm.dll
2014-09-15 11:01 - 2012-12-04 20:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2014-09-15 12:10 - 2012-03-06 10:05 - 00019456 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gcprui.dll
2014-07-06 14:58 - 2014-03-12 13:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-07-06 14:58 - 2014-03-12 13:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-25 21:45 - 2013-08-25 21:45 - 00380928 _____ () C:\Windows\System32\flvga_tray.exe
2008-07-26 19:56 - 2008-07-26 19:56 - 00082944 _____ () C:\Users\Herb\Downloads\dsksve8\DeskSave.exe
2005-11-30 17:34 - 2005-11-30 17:34 - 00068608 _____ () C:\Program Files (x86)\ClipX\clipx.exe
2014-09-15 11:01 - 2012-12-04 20:33 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll
2014-09-15 11:01 - 2012-12-04 20:33 - 00341504 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SD.DLL
2014-09-15 11:01 - 2012-12-04 20:33 - 02672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL
2014-09-15 15:49 - 2013-09-04 11:19 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2014-09-15 15:49 - 2013-11-14 14:59 - 00031304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2014-09-15 15:50 - 2008-11-25 17:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2014-09-15 15:50 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2014-09-15 15:50 - 2013-09-04 11:19 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-09-15 13:56 - 2014-01-13 18:06 - 00105544 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00192072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2014-09-15 13:56 - 2013-12-23 11:01 - 00281672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2014-09-15 15:50 - 2013-09-04 11:19 - 00069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2014-09-15 13:56 - 2013-09-04 11:19 - 00022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2014-09-15 15:50 - 2013-09-04 11:19 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00192584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2014-09-15 13:56 - 2013-10-22 17:31 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2014-09-15 15:50 - 2013-09-04 11:19 - 00135240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2014-09-15 13:56 - 2013-12-24 17:42 - 00017992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2014-09-15 15:49 - 2013-09-04 11:19 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2014-09-15 15:50 - 2013-09-04 11:19 - 00033352 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\LibraryManager.dll
2012-05-18 05:25 - 2012-05-18 05:25 - 02112104 _____ () C:\Program Files (x86)\Jump Desktop\JumpNetwork.dll
2014-10-16 08:32 - 2014-10-16 08:32 - 00136704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.1d52ed9e#\f9d6cc2a44c58920b6551d246ede5cd3\MailClient.Collections.ni.dll
2014-10-16 08:32 - 2014-10-16 08:32 - 00499200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\c1f4626383a767d539009789dba9e73f\MailClient.Mail.ni.dll
2014-10-16 08:32 - 2014-10-16 08:32 - 00950272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\3ea29c79b4fc386656b80e2f7285e682\HTMLEditorControl.ni.dll
2014-10-16 08:32 - 2014-10-16 08:32 - 00583168 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\834d378b666a784c3cbe68d47a0bdc64\MailClient.Common.UI.ni.dll
2014-10-16 08:32 - 2014-10-16 08:32 - 00022528 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\47d8e07002c7f29138e38a4eaa8de94f\MailClient.Interop.ni.dll
2014-10-14 17:56 - 2014-10-14 17:56 - 00552448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\e8e0bca1a8b8120ef6ce7ba5a62c4adb\LinqBridge.ni.dll
2014-05-28 17:48 - 2014-05-28 17:48 - 00642016 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
2014-10-14 17:56 - 2014-10-14 17:56 - 00685056 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\6fca983e1461943f3e3aea925d83f89f\HtmlInterop.ni.dll
2014-09-12 12:11 - 2014-09-12 12:11 - 00087040 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\cf6ca56df8e7ad516b60f054212d7524\SystemCoreTimeZone.ni.dll
2014-10-14 17:57 - 2014-10-14 17:57 - 01587712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\1f2a02faa63de564e80aa1769ebbda37\WindowsAPICodePack.ni.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-16 08:32 - 2014-10-16 08:32 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Sasl\3ef53be4826dcc6ba93ed5241cb18261\MailClient.Sasl.ni.dll
2014-09-24 09:44 - 2013-12-10 09:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-14 21:33 - 2014-10-14 21:33 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-14 17:28 - 2014-10-14 17:28 - 00018856 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-09-09 02:16 - 2011-09-09 02:16 - 00418664 _____ () C:\Program Files (x86)\Nuance\PDF Professional 7\PDFCOffice2007Addin.dll
2011-02-18 10:04 - 2011-02-18 10:04 - 00196448 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2014-09-11 09:31 - 1997-11-03 06:51 - 00063488 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\U32MISC.dll
2014-09-11 09:31 - 1997-11-08 15:24 - 00373248 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\U32path.dll
2014-09-11 09:31 - 1997-11-03 11:54 - 00108032 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\u32sel.dll
2014-09-11 09:31 - 1997-11-03 11:56 - 00145408 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\u32cvt.dll
2014-09-11 09:31 - 1998-02-20 18:53 - 00245248 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\u32FeUI.dll
2014-09-11 09:31 - 1997-11-03 07:32 - 00176128 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\u32Fe.dll
2014-09-11 09:31 - 1997-11-05 09:37 - 00123904 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\U32tx.dll
2014-09-11 09:31 - 1997-11-03 07:03 - 00030208 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\u32Plug.dll
2014-09-11 09:31 - 1997-11-03 12:58 - 00044032 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCCOMM.dll
2014-09-11 09:31 - 1997-11-03 12:58 - 00020480 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCBUF.dll
2014-09-11 09:31 - 1998-03-12 10:39 - 00340480 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\IERC.dll
2014-09-11 09:31 - 1997-11-03 10:56 - 00309760 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\Tge.dll
2014-09-11 09:31 - 1997-11-03 12:31 - 00013312 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\SCANRES.dll
2014-09-11 09:31 - 1997-11-03 13:00 - 00138752 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCPNTBS.dll
2014-09-11 09:31 - 1997-11-03 12:59 - 00010240 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCDLGBR.dll
2014-09-11 09:31 - 1997-11-03 12:59 - 00028160 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCCOLOR.dll
2014-09-11 09:31 - 1997-11-03 12:58 - 00085504 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\Upbgen.dll
2014-09-11 09:31 - 1997-11-03 12:59 - 00020480 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCCNBTN.dll
2014-09-11 09:31 - 1997-11-03 13:00 - 00026624 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCPNMGR.dll
2014-09-11 09:31 - 1997-11-03 13:00 - 00034816 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UFCPNTBP.dll
2014-09-11 09:31 - 1997-11-03 13:01 - 00057856 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UPP\ufcclone.upp
2014-09-11 09:31 - 1997-11-03 13:01 - 00036864 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UPP\ufclnobj.upp
2014-09-11 09:31 - 1997-11-03 13:02 - 00017920 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UPP\ufcpidx.upp
2014-09-11 09:31 - 1997-11-03 13:01 - 00130560 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UPP\UFCPNT.upp
2014-09-11 09:31 - 1997-11-03 13:01 - 00117760 _____ () C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact\UPP\ufcrtch.upp

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\1920x1080_20140915.dsv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\1920x1080_20140917.dsv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\1920x1080_20140922.dsv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1028.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1031.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1033.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1036.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1040.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1041.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.1042.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.2052.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\eula.3082.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\globdata.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1028.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1031.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1033.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1036.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1040.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1041.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.1042.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.2052.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\install.res.3082.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\msdia80.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\VC_RED.cab:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
AlternateDataStreams: C:\Users\Herb\settings.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Sti_Trace.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\telemetry.dat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Adobe Photoshop 7.0.lnk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Bode Remote.lnk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Bulk Rename Utility.lnk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Color Chart.url:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\ColorCoder.exe.lnk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Games.lnk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\NetVibes.url:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Proper E-Bay.url:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\Publisher 2010.lnk:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Desktop\RGB Colors.url:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\2013-11-09-BillyCrystalTix.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\2013-FinancialSummary(1).pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\2013-FinancialSummary.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\adnotifier2.2.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\CapeMayFerry-2013-08-04-Booking.1801448.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\clipx-1.0.3.8-setup.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\EvelynLabels.csv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\EvelynLabels.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\Excel Shower Address List.csv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\Excel Shower Address List2.csv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\FileFormatConverters.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\FreeEasyFontViewerSetup.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\FreeVideoToDVDConverter.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\ImageWaterMarker.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\JumpDesktopInstaller.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herb\Downloads\ResizeEnable:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0145911413243825mcinstcleanup => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3067209623-2706563841-4154601197-500 - Administrator - Disabled)
Guest (S-1-5-21-3067209623-2706563841-4154601197-501 - Limited - Disabled)
Herb (S-1-5-21-3067209623-2706563841-4154601197-1000 - Administrator - Enabled) => C:\Users\Herb
HomeGroupUser$ (S-1-5-21-3067209623-2706563841-4154601197-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 09:42:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:42:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/20/2014 09:36:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:36:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/20/2014 09:06:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:06:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/20/2014 08:18:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/20/2014 08:18:23 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/20/2014 08:11:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/20/2014 08:11:01 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server


System errors:
=============
Error: (10/20/2014 01:02:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
%%2

Error: (10/20/2014 00:57:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:39:40 PM on ‎10/‎16/‎2014 was unexpected.

Error: (10/16/2014 10:50:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
%%2

Error: (10/16/2014 10:45:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:44:12 AM on ‎10/‎16/‎2014 was unexpected.

Error: (10/16/2014 10:41:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AVGIDSAgent service hung on starting.

Error: (10/16/2014 10:39:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:38:05 AM on ‎10/‎16/‎2014 was unexpected.

Error: (10/15/2014 01:52:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
%%2

Error: (10/15/2014 01:48:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:43:40 PM on ‎10/‎15/‎2014 was unexpected.

Error: (10/15/2014 01:44:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.

Error: (10/15/2014 01:02:07 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (10/20/2014 09:42:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:42:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:36:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:36:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:06:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 09:06:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 08:18:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 08:18:23 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 08:11:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/20/2014 08:11:01 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server


CodeIntegrity Errors:
===================================
Date: 2014-10-14 06:29:11.931
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 06:29:11.853
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 8096.03 MB
Available physical RAM: 3638.37 MB
Total Pagefile: 16190.23 MB
Available Pagefile: 11395.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.69 GB) (Free:389.44 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Edited by Oh My!, 20 October 2014 - 09:07 AM.
Logs posted


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:19 AM

Posted 20 October 2014 - 10:04 AM

Greetings,

Please copy and paste all information in your reply unless specifically asked to attach a file.

There are a lot of Thumbnails associated with files that are listed under the Alternate Data Streams section of the FRST report. Did you intend for them to be attached to those files?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6696724C-55BC-4413-8EE1-A875BB943D97} URL =
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
FF Extension: No Name - nuance@pdf7 [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\Herb\telemetry.dat
C:\Users\Public\CreateRP.VBS
C:\Users\Public\RunClubSanDisk.exe
C:\Users\Public\RunSanDiskSecureAccess_Win.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Thumbnails?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!


Posted 26 October 2014 - 02:00 PM

Greetings Herb,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#7 herbvan


Posted 28 October 2014 - 05:38 AM

I'm sorry about falling behind with this issue.   I seem pretty stable (after getting rid of a lot of garbage) with the system hang.  The rootkit appears to have been buried within McAfee, which is now gone.  The restore will be tested again to see if it is still an issue.  If so, I'll repost.  Thank you for your help so far.

 

Herb



#8 Oh My!


Posted 28 October 2014 - 10:09 AM

Very good Herb, I'll be looking forward to your update.
Gary
 

#9 Oh My!


Posted 31 October 2014 - 09:42 AM

Hi Herb,

How are things?
Gary
 

#10 Oh My!


Posted 01 November 2014 - 06:10 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#11 Oh My!


Posted 04 November 2014 - 09:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
