
Multiple instances of dllhost running as com surrogate


  • This topic is locked
24 replies to this topic

#1 grandstandvideo

grandstandvideo

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:22 AM

Posted 29 October 2014 - 03:43 PM

**update** I blocked atieclxx.exe at the firewall in Norton and the problem has stopped. Now I need to see what the root of the problem is.

 

Hello,

 

I have been working on this for a few days and can not figure it out. I hope I detail it in proper order and I can gain some insight.

Upon starting the computer (always log in as a user, not admin) the following processes are in task manager with no user name and no description 

Winlogon.exe

atieclxx.exe ( I have an ATI video card installed)

csrss.exe

I do not have permission to end them.

After browsing the internet the computer slows down and multiple instances of dllhost open as COM Surrogate.

I can close them but they pop back up. Sometimes I get 3 or up to 7 instances.

At the same time Malwarebytes informs me of the following 3 detections that repeated a lot of times.

 

Malicious website protection,ip,88.214.193.77,xmlka.com,54291(this number changed a lot), Outbound ,C/windows/SysWOW64/dllhost.exe

Malicious website protection,ip,216.172.61.83,honeymods.com,57411, Outbound ,C/windows/SysWOW64/dllhost.exe

Malicious website protection,ip,66.45.56.109,114258url,directdisplayad.com, Outbound ,C/windows/SysWOW64/dllhost.exe

 

The above happened most recently today while my wife was playing online games.

 

 

Superantispyware finds nothing when run as user or administrator in safe mode w/networking; Malwarebytes found what I listed above.

TDSSkiller finds nothing

CCleaner finds nothing

 

 

Log files attached and thank you.



Edited by grandstandvideo, 30 October 2014 - 11:06 AM.
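The Malwarebytes alerts quoted in the first post can be triaged by grouping blocked connections per process. The following is an added example, not part of the original thread and not code from Malwarebytes. It assumes the comma-separated layout exactly as the poster typed it, a hypothetical `HOST_PROCESSES` list of Windows host binaries that do not normally contact ad domains, and one constructed browser line for contrast.

```python
import re
from collections import defaultdict

# The three alert lines from the first post, verbatim, including the
# poster's inline note and the irregular field order of the third line.
PAGE_LINES = [
    "Malicious website protection,ip,88.214.193.77,xmlka.com,"
    "54291(this number changed a lot), Outbound ,C/windows/SysWOW64/dllhost.exe",
    "Malicious website protection,ip,216.172.61.83,honeymods.com,57411,"
    " Outbound ,C/windows/SysWOW64/dllhost.exe",
    "Malicious website protection,ip,66.45.56.109,114258url,directdisplayad.com,"
    " Outbound ,C/windows/SysWOW64/dllhost.exe",
]

# Constructed line (documentation address and example domain): a block that
# originates from a browser, which is the expected source of such alerts.
CONSTRUCTED_LINE = (
    "Malicious website protection,ip,192.0.2.10,ads.example.net,50123,"
    " Outbound ,C/Program Files/Browser/browser.exe"
)

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DOMAIN = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

# Assumption for this example: host processes that run code on behalf of
# something else and have no reason of their own to reach ad or tracker sites.
HOST_PROCESSES = {"dllhost.exe", "rundll32.exe", "regsvr32.exe", "svchost.exe"}


def parse_alert(line):
    """Classify each field by its shape instead of its position, so a line
    with swapped or annotated fields still yields ip, domain and process."""
    rec = {"ip": None, "domain": None, "direction": None, "process": None}
    for field in (f.strip() for f in line.split(",")[1:]):
        lowered = field.lower()
        if IPV4.match(field):
            rec["ip"] = field
        elif lowered in ("outbound", "inbound"):
            rec["direction"] = lowered
        elif lowered.endswith(".exe"):
            # Keep only the image name; the poster's paths lost ':' and '\'.
            rec["process"] = re.split(r"[\\/]", lowered)[-1]
        elif DOMAIN.match(field):
            rec["domain"] = lowered
    return rec


def triage(lines):
    """Group blocked outbound destinations by process and mark the groups
    whose source process is a host binary rather than a browser."""
    by_process = defaultdict(set)
    for line in lines:
        rec = parse_alert(line)
        if rec["direction"] == "outbound" and rec["process"] and rec["domain"]:
            by_process[rec["process"]].add(rec["domain"])
    return [
        {
            "process": proc,
            "domains": sorted(domains),
            "suspicious": proc in HOST_PROCESSES,
        }
        for proc, domains in sorted(by_process.items())
    ]


if __name__ == "__main__":
    for finding in triage(PAGE_LINES + [CONSTRUCTED_LINE]):
        flag = "REVIEW" if finding["suspicious"] else "ok"
        print(f"{flag:6} {finding['process']}: {', '.join(finding['domains'])}")
```

A browser that triggers web-protection blocks is routine; the same blocks attributed to dllhost.exe point at code running inside the COM Surrogate and justify checking autorun entries.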



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:22 AM

Posted 04 November 2014 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553892 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 grandstandvideo

grandstandvideo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:22 AM

Posted 04 November 2014 - 09:18 PM

Since posting this I have deleted the file atieclxx.exe and it has temporarily solved the problem. I also updated Java.

I re-ran DDS while logged in as a user. Here are the 2 files. Thank you!

 

 

 

 




#4 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:09:22 AM

Posted 05 November 2014 - 01:54 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Sorry to keep you waiting for so long, but we are really overwhelmed here.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#5 grandstandvideo

grandstandvideo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:22 AM

Posted 05 November 2014 - 10:19 AM

Hello Naathim, Thank you for your help so far.

Please see the logfiles below.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Jeff and Mel (administrator) on HOME on 05-11-2014 08:54:38
Running from C:\Users\normal use\Desktop
Loaded Profiles: Jeff and Mel & normal use (Available profiles: Jeff and Mel & normal use)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxcycoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Akamai Technologies, Inc.) C:\Users\normal use\AppData\Local\Akamai\netsession_win.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Akamai Technologies, Inc.) C:\Users\normal use\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1469705351-4241513676-1628539046-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1469705351-4241513676-1628539046-1000\...\MountPoints2: {2819626b-fb17-11df-87a7-806e6f6e6963} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1469705351-4241513676-1628539046-1000\...\MountPoints2: {fa4be668-9874-11de-a629-806e6f6e6963} - E:\SetupAssistant.exe
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-18] (Hewlett-Packard Company)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [Akamai NetSession Interface] => C:\Users\normal use\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [Pinnacle] => rundll32.exe "C:\Users\normal use\AppData\Local\Roxio\Pinnacle\cupoouux.dll",DllRegisterServerW <===== ATTENTION
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [Mozilla] => rundll32.exe "C:\Users\normal use\AppData\Local\Pinnacle\Mozilla\ggkbgn.dll",VC1ConfigGetAPIExtW <===== ATTENTION
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...\MountPoints2: {2819626b-fb17-11df-87a7-806e6f6e6963} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1469705351-4241513676-1628539046-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [81160 2013-07-24] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\3.8.3.6\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\3.8.3.6\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\3.8.3.6\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CEC019A3-2714-47A9-8D78-0B71F2C46863} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 - {CEC019A3-2714-47A9-8D78-0B71F2C46863} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {CEC019A3-2714-47A9-8D78-0B71F2C46863} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10}
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\Jeff and Mel\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\Jeff and Mel\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-11-01]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Jeff and Mel\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Jeff and Mel\AppData\Roaming\Move Networks [2010-03-22]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe [117648 2011-10-11] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-13] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-13] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-01-16] (Sonic Solutions) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-08] (Zemana Ltd.)
R1 BHDrvx64; C:\Windows\System32\Drivers\N360x64\0308030.006\BHDrvx64.sys [334384 2010-03-11] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\N360x64\0308030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-11-01] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-11-01] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-09-15] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-11-01] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [142200 2006-11-01] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [34552 2006-11-01] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-11-01] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-09-15] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [137080 2006-11-01] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143736 2006-11-01] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [123928 2006-10-25] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-09-15] (Roxio)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20141104.001\IDSvia64.sys [633560 2014-08-22] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20141104.035\ENG64.SYS [129752 2014-10-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20141104.035\EX64.SYS [2137304 2014-10-30] (Symantec Corporation)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2009-06-10] (Windows ® Codename Longhorn DDK provider) [File not signed]
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0308030.006\SRTSP64.SYS [476720 2010-03-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0308030.006\SRTSPX64.SYS [32304 2010-03-11] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0308030.006\SYMEFA64.SYS [402992 2010-03-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-03-11] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMFW.SYS [120952 2011-10-11] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2010-03-11] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS [56952 2011-10-11] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMTDI.SYS [279160 2011-10-11] (Symantec Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 08:54 - 2014-11-05 08:55 - 00022698 _____ () C:\Users\normal use\Desktop\FRST.txt
2014-11-05 08:53 - 2014-11-05 08:54 - 00000000 ____D () C:\FRST
2014-11-05 08:52 - 2014-11-05 08:52 - 02114560 _____ (Farbar) C:\Users\normal use\Desktop\FRST64.exe
2014-11-05 08:40 - 2014-11-05 08:40 - 00000000 ____D () C:\Users\normal use\AppData\Local\{55AACAA5-1143-4B46-A25E-CFB84C878476}
2014-11-04 14:41 - 2014-11-04 14:41 - 00000000 ____D () C:\Users\normal use\AppData\Local\{2E715F2E-88D5-4D7F-89A0-D14BD3C0BCC7}
2014-11-04 11:20 - 2014-11-04 11:20 - 00000000 ____D () C:\Users\normal use\AppData\Local\{F7C4223C-CD51-4693-A5CE-F85E2A56DD4C}
2014-11-04 10:50 - 2014-11-04 10:50 - 00000000 ____D () C:\Users\normal use\AppData\Local\{49D19A12-6D75-40DA-898C-1C5BBA425F19}
2014-11-04 09:12 - 2014-11-05 08:42 - 00029631 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 09:08 - 2014-11-05 08:36 - 00000168 _____ () C:\Windows\setupact.log
2014-11-04 09:08 - 2014-11-04 09:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-03 15:09 - 2014-11-03 15:11 - 00000000 ____D () C:\Users\normal use\Documents\Moo texts
2014-11-03 14:55 - 2014-11-03 14:55 - 00000000 ____D () C:\Users\normal use\AppData\Roaming\Apple Computer
2014-11-03 14:55 - 2014-11-03 14:55 - 00000000 ____D () C:\Users\normal use\AppData\Local\Apple Computer
2014-11-03 14:51 - 2014-11-03 14:57 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Roaming\Apple Computer
2014-11-03 14:51 - 2014-11-03 14:51 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-03 14:51 - 2014-11-03 14:51 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Local\Apple Computer
2014-11-03 14:51 - 2014-11-03 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-03 14:51 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-11-03 14:50 - 2014-11-03 14:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-03 14:50 - 2014-11-03 14:51 - 00000000 ____D () C:\Program Files\iTunes
2014-11-03 14:50 - 2014-11-03 14:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-03 14:50 - 2014-11-03 14:50 - 00000000 ____D () C:\Program Files\iPod
2014-11-03 14:48 - 2014-11-03 14:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-03 14:48 - 2014-11-03 14:48 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-03 14:48 - 2014-11-03 14:48 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Local\Apple
2014-11-03 14:48 - 2014-11-03 14:48 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-03 14:47 - 2014-11-03 14:48 - 00000000 ____D () C:\ProgramData\Apple
2014-11-03 14:47 - 2014-11-03 14:47 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-03 14:47 - 2014-11-03 14:47 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-11-03 14:45 - 2014-11-03 14:54 - 00000000 ____D () C:\Program Files (x86)\Tansee iPhone Transfer SMS
2014-11-03 14:45 - 2014-11-03 14:45 - 00001144 _____ () C:\Users\Jeff and Mel\Desktop\iPhone SMS.lnk
2014-11-03 14:45 - 2014-11-03 14:45 - 00000000 ____D () C:\Users\Jeff and Mel\Documents\Tansee
2014-11-03 14:45 - 2014-11-03 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tansee iPhone Transfer SMS
2014-11-03 14:44 - 2014-11-03 14:44 - 00000000 ____D () C:\Users\normal use\Downloads\New folder
2014-11-03 14:44 - 2014-11-03 14:44 - 00000000 ____D () C:\Users\normal use\Downloads\I phone app
2014-11-03 14:39 - 2014-11-03 14:39 - 00000000 ____D () C:\Users\normal use\AppData\Local\{417DB7C8-5B13-4DBA-8CBD-11ED96712AB9}
2014-11-03 10:30 - 2014-11-03 10:30 - 00000000 ____D () C:\Users\normal use\AppData\Local\{5528497E-3DFA-40B9-AF0A-5A12011EE89E}
2014-11-02 18:32 - 2014-11-02 18:32 - 00000000 ____D () C:\Users\normal use\AppData\Local\{DCFA9AB3-55C1-45E0-832C-544296037E9C}
2014-11-02 14:14 - 2014-11-02 14:14 - 00000000 ____D () C:\Users\normal use\AppData\Local\{1F5C25E3-8083-4A7E-85E9-918161AE86EA}
2014-11-01 16:15 - 2014-11-01 16:15 - 00000000 ____D () C:\Users\normal use\AppData\Local\{5672C128-A1D3-4C4F-8677-33A40ED0A18B}
2014-10-31 14:55 - 2014-10-31 14:56 - 00000000 ____D () C:\Users\normal use\AppData\Local\{01B2862E-80ED-4B0E-8473-D3491E607A44}
2014-10-31 08:10 - 2014-10-31 08:10 - 00000000 ____D () C:\Users\normal use\AppData\Local\{A93BBF91-1822-4481-933C-7E8D8F59C5E0}
2014-10-30 14:42 - 2014-10-30 14:42 - 00000000 ____D () C:\Users\normal use\AppData\Local\{D5D49F17-4764-41B1-B52C-B23D2900E0D4}
2014-10-30 12:39 - 2014-10-30 12:39 - 00000000 ____D () C:\Users\normal use\AppData\Local\{FA534F28-D94F-4565-89A9-2C4F0FE8DDF6}
2014-10-30 07:54 - 2014-10-30 07:54 - 00000000 ____D () C:\Users\normal use\AppData\Local\{D9C23AE4-4D9E-4471-A7D6-B012ADBA895B}
2014-10-29 21:32 - 2014-10-29 21:32 - 00093600 _____ () C:\Users\normal use\Desktop\getservice.txt
2014-10-29 14:03 - 2014-11-04 20:12 - 00014166 _____ () C:\Users\Jeff and Mel\Desktop\attach.txt
2014-10-29 14:03 - 2014-11-04 20:11 - 00020685 _____ () C:\Users\Jeff and Mel\Desktop\dds.txt
2014-10-29 13:20 - 2014-10-29 13:20 - 00000000 ____D () C:\Users\normal use\AppData\Local\{2228DA61-941E-4AA1-86A3-9886D6F6CCC6}
2014-10-29 12:24 - 2014-10-29 12:24 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\normal use\Downloads\tdsskiller.exe
2014-10-29 07:51 - 2014-10-29 07:51 - 00000000 ____D () C:\Users\normal use\AppData\Local\{93031919-B47F-40E0-ACC6-7009EE69C638}
2014-10-29 06:59 - 2014-10-29 06:59 - 00000000 ____D () C:\Users\normal use\AppData\Local\{4A4BBF2F-A3E6-4B05-BBE1-04348BABA4D5}
2014-10-28 19:40 - 2014-10-28 19:40 - 00485872 _____ () C:\Users\Jeff and Mel\Documents\cc_20141028_203820.reg
2014-10-28 19:38 - 2014-10-28 19:38 - 00000000 ____D () C:\Users\Jeff and Mel\Documents\cccleaner
2014-10-28 19:37 - 2014-10-28 19:37 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-28 19:37 - 2014-10-28 19:37 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-28 19:37 - 2014-10-28 19:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-28 18:50 - 2014-10-28 18:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\normal use\Desktop\tdsskiller.exe
2014-10-28 18:14 - 2014-10-28 18:14 - 04974864 _____ (Piriform Ltd) C:\Users\normal use\Downloads\ccsetup419.exe
2014-10-28 17:53 - 2014-10-28 17:53 - 00000000 ____D () C:\SUPERDelete
2014-10-28 11:09 - 2014-10-28 11:09 - 00000000 ____D () C:\Users\normal use\AppData\Local\{0C8FF64A-E92C-423F-BB3A-23E735BB6222}
2014-10-28 11:07 - 2014-10-28 11:07 - 00000000 ____D () C:\Users\normal use\AppData\Local\{B47D259D-0F12-4468-9BAB-4A7A5D2ACC40}
2014-10-28 08:02 - 2014-10-28 08:02 - 00000000 ____D () C:\Users\normal use\AppData\Local\{09401F77-60F8-4A99-8855-AB023CA26D17}
2014-10-27 07:58 - 2014-10-27 07:58 - 00000000 ____D () C:\Users\normal use\AppData\Local\{D24704D1-76EA-4D35-AB9C-FB11E2582F0A}
2014-10-26 08:20 - 2014-10-26 08:20 - 00000000 ____D () C:\Users\normal use\AppData\Local\{AB921711-FA37-411B-B09B-41946126D560}
2014-10-25 13:31 - 2014-10-25 13:31 - 00000000 ____D () C:\Users\normal use\AppData\Local\{38263DE8-5ECF-464E-B39C-8803D48B5AC6}
2014-10-24 22:14 - 2014-10-24 22:14 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-24 22:13 - 2014-10-24 22:13 - 00000000 ____D () C:\Program Files\Java
2014-10-24 22:10 - 2014-10-24 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-24 22:10 - 2014-10-24 22:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\1WindowsAccessBridge-32.dll
2014-10-24 22:09 - 2014-10-24 22:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 21:17 - 2014-10-24 21:04 - 14087848 _____ (Microsoft Corporation) C:\Users\normal use\Desktop\mseinstall.exe
2014-10-24 18:51 - 2014-10-24 18:51 - 04161313 _____ () C:\Users\Jeff and Mel\Downloads\tdsskiller.zip
2014-10-24 18:19 - 2014-10-24 18:19 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Roaming\SUPERAntiSpyware.com
2014-10-24 17:28 - 2014-10-24 17:28 - 00000000 ____D () C:\Users\normal use\AppData\Roaming\SUPERAntiSpyware.com
2014-10-24 17:27 - 2014-11-05 08:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-24 17:27 - 2014-10-24 17:27 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-10-24 17:27 - 2014-10-24 17:27 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-24 17:27 - 2014-10-24 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-24 17:25 - 2014-10-24 17:25 - 19944640 _____ (SUPERAntiSpyware) C:\Users\normal use\Documents\SUPERAntiSpyware.exe
2014-10-24 16:20 - 2014-11-04 08:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 16:19 - 2014-10-24 16:19 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 16:19 - 2014-10-24 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 16:19 - 2014-10-24 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 16:19 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-24 16:19 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 16:19 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-24 16:14 - 2014-10-24 16:15 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\normal use\Documents\mbam-setup-2.0.3.1025.exe
2014-10-24 09:10 - 2014-10-24 09:11 - 00000000 ____D () C:\Users\normal use\AppData\Local\{1521B1DB-309B-4284-BDEB-6DE61EC79AF9}
2014-10-24 08:11 - 2014-10-24 08:11 - 00000000 ____D () C:\Users\normal use\AppData\Local\{F25859AB-ED1E-4BBD-85F0-D8BEE6518A1D}
2014-10-23 07:38 - 2014-10-23 07:39 - 00000000 ____D () C:\Users\normal use\AppData\Local\{F98D2DC9-527D-415F-9B03-481CB2612CD1}
2014-10-22 11:31 - 2014-10-22 11:31 - 00000000 ____D () C:\Users\normal use\AppData\Local\{7EEFCB53-901B-44C0-9385-ED202F416D50}
2014-10-21 14:20 - 2014-10-21 14:21 - 00000000 ____D () C:\Users\normal use\AppData\Local\{07E6191D-B005-466F-95FB-278B20593213}
2014-10-21 09:38 - 2014-10-21 09:38 - 00000000 ____D () C:\Users\normal use\AppData\Local\{59260998-3B5D-4853-B050-BA39241D7769}
2014-10-21 07:22 - 2014-10-21 07:22 - 00000000 ____D () C:\Users\normal use\AppData\Local\{9A1AAFD1-05BD-4DB6-B649-B058935AC745}
2014-10-20 16:57 - 2014-11-02 07:56 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 09:25 - 2014-10-20 09:25 - 00000000 ____D () C:\Users\normal use\AppData\Local\{1D6A949D-E290-4C48-A305-2D3430C7F19D}
2014-10-19 19:37 - 2014-10-19 19:37 - 00000000 ____D () C:\Users\normal use\AppData\Local\{EE6F9676-77DE-481A-8B0A-A3092C7FD57E}
2014-10-18 07:36 - 2014-10-18 07:36 - 00000000 ____D () C:\Users\normal use\AppData\Local\{5968433F-B706-4090-9FD6-1D6ADA3213E8}
2014-10-17 10:19 - 2014-10-17 10:20 - 00000000 ____D () C:\Users\normal use\AppData\Local\{F8985BCC-B756-4103-B8BD-3CE14879CEC2}
2014-10-17 07:07 - 2014-10-17 07:07 - 00000000 ____D () C:\Users\normal use\AppData\Local\{E083B16A-F453-4A61-8BD4-73353D5E5D26}
2014-10-16 09:52 - 2014-10-16 09:53 - 00000000 ____D () C:\Users\normal use\AppData\Local\{197CB9AA-6AAF-4E36-B241-045BDEB31ADE}
2014-10-16 07:43 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 07:43 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 07:43 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 07:43 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 07:43 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 07:43 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 07:43 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 07:43 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 07:43 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 07:43 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 07:42 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 07:42 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 07:42 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 07:42 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 07:42 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 07:42 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 07:42 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 07:42 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 07:42 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 07:42 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 07:42 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 07:42 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 07:42 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 07:42 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 07:42 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 07:42 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 07:42 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 07:42 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 07:42 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 07:42 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 07:42 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 07:42 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 07:42 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 07:42 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 07:42 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 07:42 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 07:42 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 07:42 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 07:42 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 07:42 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 07:42 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 07:42 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 07:42 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 07:42 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 07:42 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 07:42 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 07:42 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 07:42 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 07:42 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 07:42 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 07:42 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 07:42 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 07:42 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 07:42 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 07:42 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 07:42 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 07:42 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 07:42 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 07:42 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 07:42 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 07:42 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 07:42 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 07:42 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 07:42 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 07:42 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 07:42 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 07:42 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 07:42 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 07:41 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 07:41 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 07:41 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 07:41 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 07:41 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 07:41 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 07:41 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 07:41 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 07:41 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 07:41 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 07:41 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 07:41 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 07:41 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 07:41 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 07:41 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 07:41 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 07:41 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 07:41 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 07:40 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 07:40 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 07:33 - 2014-10-16 07:33 - 00000000 ____D () C:\Users\normal use\AppData\Local\{DB7A27AD-3710-45E0-B3EF-B57FB5FA5278}
2014-10-15 10:35 - 2014-10-15 10:35 - 00000000 ____D () C:\Users\normal use\AppData\Local\{E5749EF5-D023-404E-9AE4-7801DF589524}
2014-10-14 07:28 - 2014-10-14 07:28 - 00000000 ____D () C:\Users\normal use\AppData\Local\{EC638310-A434-4F10-A70C-47D2DAA0DA32}
2014-10-13 12:31 - 2014-10-13 12:31 - 00000000 ____D () C:\Users\normal use\AppData\Local\{4C1D79D5-3546-4F62-A888-73727B94D9EB}
2014-10-13 07:19 - 2014-10-13 07:19 - 00000000 ____D () C:\Users\normal use\AppData\Local\{94071D51-9D70-4D3B-AFC0-7B98C3597D90}
2014-10-11 13:22 - 2014-10-11 13:22 - 00000000 ____D () C:\Users\normal use\AppData\Local\{B43D7127-C058-48BB-A621-F553DF556D5D}
2014-10-10 15:23 - 2014-10-10 15:23 - 00000000 ____D () C:\Users\normal use\AppData\Local\{9C905E69-3C04-48CE-A0F2-2FA1146626EE}
2014-10-09 20:38 - 2014-10-09 20:38 - 00000000 ____D () C:\Users\normal use\AppData\Local\{C87576DC-4AA3-4C72-A6B1-F6494C71E19F}
2014-10-09 08:30 - 2014-10-09 08:30 - 00000000 ____D () C:\Users\normal use\AppData\Local\{6416F788-DA34-4F7F-B59F-EA4A3E96604C}
2014-10-08 13:31 - 2014-10-08 13:31 - 00000000 ____D () C:\Users\normal use\AppData\Local\{0111C883-327F-43E6-A7A2-A2C78471BD91}
2014-10-08 05:57 - 2014-10-08 05:57 - 00000000 ____D () C:\Users\normal use\AppData\Local\{94DCB83A-6FF2-4D37-89D7-DBDF44D7A0B3}
2014-10-07 07:31 - 2014-10-07 07:32 - 00000000 ____D () C:\Users\normal use\AppData\Local\{E7958F4D-ADFE-4F28-8DD9-FDD7235550F9}
2014-10-06 16:30 - 2014-10-06 16:30 - 00000000 ____D () C:\Users\normal use\AppData\Local\{353B6813-6F9D-4413-BC2C-490FF8F12894}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 08:48 - 2014-03-19 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 08:45 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 08:45 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 08:43 - 2010-11-12 11:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 08:43 - 2009-07-13 23:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 08:40 - 2011-09-18 22:46 - 00000000 ____D () C:\Users\normal use\AppData\Roaming\ID Vault
2014-11-05 08:40 - 2010-11-12 11:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 08:36 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 16:19 - 2010-01-11 23:31 - 00040358 _____ () C:\Users\normal use\AppData\Roaming\wklnhst.dat
2014-11-03 14:50 - 2011-07-31 14:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-02 19:35 - 2012-07-26 08:10 - 00000000 ____D () C:\Users\normal use\AppData\Local\CrashDumps
2014-11-01 23:00 - 2010-01-31 12:57 - 00000446 _____ () C:\Windows\Tasks\Norton Internet Security - Jeff and Mel - Full System Scan.job
2014-11-01 12:58 - 2009-07-13 23:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 13:47 - 2011-09-18 22:45 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Roaming\ID Vault
2014-10-29 13:44 - 2012-07-24 12:03 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Local\ID Vault
2014-10-28 19:42 - 2014-03-13 09:25 - 00000000 ____D () C:\Users\Jeff and Mel\AppData\Local\CrashDumps
2014-10-28 19:42 - 2009-08-19 12:34 - 00000000 ____D () C:\Windows\Panther
2014-10-28 17:53 - 2009-08-19 12:18 - 00000000 ____D () C:\Program Files (x86)\NetZeroPreloader
2014-10-28 17:53 - 2009-08-19 12:17 - 00000000 ____D () C:\Program Files (x86)\JunoPreloader
2014-10-28 05:34 - 2012-11-12 12:47 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 21:03 - 2010-01-09 23:25 - 00000000 ____D () C:\Program Files (x86)\SureThing Express Labeler
2014-10-25 18:47 - 2014-03-25 15:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-24 22:09 - 2010-01-17 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-24 21:20 - 2011-03-01 22:45 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-10-24 16:19 - 2011-03-01 23:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 16:05 - 2011-09-18 22:46 - 00000000 ____D () C:\Users\normal use\AppData\Local\ID Vault
2014-10-17 18:38 - 2010-11-12 11:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 18:38 - 2010-11-12 11:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 02:33 - 2009-07-13 22:45 - 00477280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 02:31 - 2014-05-01 11:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 02:05 - 2013-08-15 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 02:01 - 2010-01-09 20:47 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-08 05:58 - 2013-01-29 08:12 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-10-08 05:58 - 2013-01-29 08:12 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
2014-10-08 05:58 - 2011-09-18 22:44 - 00002163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-10-08 05:58 - 2011-09-18 22:44 - 00002151 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-10-08 05:58 - 2011-09-18 22:44 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-02 16:54

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Jeff and Mel at 2014-11-05 08:57:27
Running from C:\Users\normal use\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{EDA9E418-06E0-1FCB-1210-838F1ED5FBE6}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Comcast Access (HKLM-x32\...\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1) (Version: ComcastAccess-1.57 - Comcast Cable Communications Management LLC)
Comcast Access (x32 Version: 1.57 - Comcast Cable Communications Management LLC) Hidden
Comcast High-Speed Internet Install Wizard (HKLM-x32\...\ComcastHSI) (Version:  - Comcast Cable Communications, LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
Content Management Utility (HKLM-x32\...\{5BAB204E-AAB2-45DF-9C06-4473865892DF}) (Version: 1.1.00.04130 - Sony Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.220 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label Design Studio 5.0 (HKLM-x32\...\{2287E391-1CBD-4F1A-9D0B-B8E09D91B8A5}_is1) (Version: 5.0.689.1 - MicroVision Development, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1229 - Electronic Arts)
Norton Security Suite (HKLM-x32\...\N360) (Version: 3.8.3.6 - Symantec Corporation)
Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Roxio)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{6599091B-D42D-4765-ABC3-8B25E844C746}) (Version: 9.0.554 - Roxio)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
SureThing Express Labeler (HKLM-x32\...\stax-Pinnacle_is1) (Version:  - MicroVision Development, Inc.)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.17 - iolo technologies, LLC)
Tansee iPhone Transfer SMS 6.5.1.0 (HKLM-x32\...\Tansee iPhone Transfer SMS_is1) (Version: 6.5.1.0 - Tansee, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 3.1.1.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft Video Converter Platinum (HKLM-x32\...\Xilisoft Video Converter Platinum) (Version: 5.1.18.1211 - Xilisoft)
Zoner Photo Studio 12 (HKLM-x32\...\ZonerPhotoStudio12_EN_is1) (Version: 12.0.1.12 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1000_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files (x86)\Zoner\Photo Studio 12\Program\SHELLEXT64.DLL (ZONER software)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1469705351-4241513676-1628539046-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\normal use\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-10-2014 14:06:02 Windows Update
31-10-2014 14:13:50 Windows Update
03-11-2014 20:48:45 Installed iTunes
04-11-2014 13:57:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C2D18FE-951A-4DA9-AE9E-277C30BCCD23} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {2D25C856-B9A4-4019-A6D0-31944EF1E1F1} - System32\Tasks\Test TimeTrigger => C:\Users\JEFFAN~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {2F296E12-D80D-4734-8750-E4C371EA4349} - System32\Tasks\hpUtility.exe_{B46B7672-60A6-408A-9174-C5F8DA976355} => C:\Program Files\HP\HP Deskjet 2510 series\Bin\utils\hpUtility.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {4BED586B-AAC0-439D-971F-AB2C4B1D54EA} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {4F72A6A4-0D37-4EEC-87F9-28D148B05E68} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {688D9A13-BBAF-4103-85F9-D7F8F288E1CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {6A705770-4A1C-4DBC-B079-7C74AB88AA38} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {8114EC69-FB79-4019-9C9C-9A4E7949AA39} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-10-03] ()
Task: {99ED5067-F238-47A0-AEE8-0271BF879237} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {A1141ED6-3A7B-4144-9FDC-89C533FBE902} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {B341774D-B6F7-4253-BD54-5421B3B36996} - System32\Tasks\Norton Internet Security - Jeff and Mel - Full System Scan => C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\Navw32.exe
Task: {FB096925-C96F-4B85-BAB5-260D5B944664} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {FBDFF0AA-C2C3-454B-8CCB-8DD287E0D7D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Jeff and Mel - Full System Scan.job => C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\Navw32.exe

==================== Loaded Modules (whitelisted) =============

2011-05-31 08:34 - 2006-11-27 02:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll
2010-01-11 22:02 - 2006-11-01 08:59 - 00049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2009-07-08 15:35 - 2009-07-08 15:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2009-05-18 11:55 - 2009-05-18 11:55 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-05-18 11:55 - 2009-05-18 11:55 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-05-18 11:55 - 2009-05-18 11:55 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2009-08-05 14:45 - 2009-08-05 14:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\normal use\Documents\R_A # 000748393 Confirmation Attached.eml:OECustomProperty
AlternateDataStreams: C:\Users\normal use\Documents\Woodland Foods.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05220721.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21135328.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21258971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28479010.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\05220721.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21135328.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21258971.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28479010.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR300 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jeff and Mel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.Startup
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1469705351-4241513676-1628539046-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1469705351-4241513676-1628539046-1005 - Limited - Enabled)
Guest (S-1-5-21-1469705351-4241513676-1628539046-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1469705351-4241513676-1628539046-1003 - Limited - Enabled)
Jeff and Mel (S-1-5-21-1469705351-4241513676-1628539046-1000 - Administrator - Enabled) => C:\Users\Jeff and Mel
normal use (S-1-5-21-1469705351-4241513676-1628539046-1001 - Limited - Enabled) => C:\Users\normal use

==================== Faulty Device Manager Devices =============

Name: Realtek NDIS Protocol Driver
Description: Realtek NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RtNdPt60
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 08:36:58 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/04/2014 10:10:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2068

Start Time: 01cff8a8f75dd0ff

Termination Time: 231

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/04/2014 09:32:03 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/04/2014 09:09:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

System errors:
=============
Error: (11/05/2014 08:51:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/05/2014 08:37:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (11/05/2014 08:36:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek NDIS Protocol Driver service failed to start due to the following error:
%%577

Error: (11/05/2014 08:36:39 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.

Error: (11/04/2014 08:13:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/04/2014 09:32:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (11/04/2014 09:32:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek NDIS Protocol Driver service failed to start due to the following error:
%%577

Error: (11/04/2014 09:31:43 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.

Error: (11/04/2014 09:28:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/04/2014 09:28:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (11/05/2014 08:36:58 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/04/2014 10:10:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344206801cff8a8f75dd0ff231C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/04/2014 09:32:03 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/04/2014 09:09:31 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/04/2014 09:09:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/04/2014 09:09:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

CodeIntegrity Errors:
===================================
  Date: 2014-11-05 08:36:57.059
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-05 08:36:56.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-05 08:36:36.539
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-05 08:36:36.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-04 09:32:01.150
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-04 09:32:00.776
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-04 09:31:41.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-04 09:31:40.823
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-04 09:08:05.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-04 09:08:04.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 8191.18 MB
Available physical RAM: 5713.91 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13543.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:686.69 GB) (Free:305.34 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.84 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
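Added example, not part of the original thread or of FRST: one way to triage the repeated "unable to verify the image integrity" events in the log above by grouping them per driver and collapsing near-duplicate entries. The function name `summarize` and the 2-second `gap` used to merge duplicates are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Timestamps and driver paths copied from the log above; Description text abridged.
SAMPLE = r"""
  Date: 2014-11-04 09:32:00.776
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system.

  Date: 2014-11-04 09:31:41.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system.

  Date: 2014-11-04 09:31:40.823
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RxFilter.sys because file hash could not be found on the system.

  Date: 2014-11-04 09:08:05.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system.

  Date: 2014-11-04 09:08:04.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RtNdPt60.sys because file hash could not be found on the system.
"""

EVENT_RE = re.compile(
    r"Date:\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)[ \t]*\r?\n"
    r"\s*Description:.*?image integrity of the file (?P<path>.+?) because"
)

def summarize(log_text, gap=timedelta(seconds=2)):
    """Group integrity failures by driver path; `gap` merges duplicate events."""
    seen = defaultdict(list)
    for m in EVENT_RE.finditer(log_text):
        seen[m["path"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"))
    rows = []
    for path, stamps in seen.items():
        stamps.sort()
        # Events logged within `gap` of each other count as one load attempt.
        attempts = 1 + sum(b - a > gap for a, b in zip(stamps, stamps[1:]))
        rows.append({"driver": path.rsplit("\\", 1)[-1], "path": path,
                     "count": len(stamps), "attempts": attempts,
                     "first": stamps[0], "last": stamps[-1]})
    return sorted(rows, key=lambda r: (-r["count"], r["path"]))

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f'{r["driver"]:<14} events={r["count"]} attempts={r["attempts"]} '
              f'first={r["first"]} last={r["last"]}')
```

A driver that fails verification on more than one load attempt is the first candidate for a signature check or a reinstall from the vendor's package.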



#6 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:09:22 AM

Posted 07 November 2014 - 02:05 AM

Hi :)

I'm sorry for the delay, my work has swallowed me alive.


Scan with ESET Poweliks Cleaner

Please download ESET Poweliks Cleaner and save the file to your desktop.
  • Right-click on the ESET Poweliks Cleaner icon and select Run as Administrator to start the tool.
  • If the tool finds Poweliks, you will be prompted: Win32/Poweliks found in your system.
  • Press Y to continue the removal.
  • You should be notified that the tool successfully removed the threat from your system.
  • The tool will also produce a logfile on your desktop, named ESETPoweliksCleaner_Date.Time.
Please attach this file to your next reply. To do so:
- after typing in your message, click More reply options instead of Post.
- below the post preview and the post editor, you should be able to see the Attach files option - please click Choose file.
- in the pop-up window navigate to the desktop. Choose the one named ESETPoweliksCleaner_Date.Time.log and attach it.

If the file is too big to attach (it may happen), then please host it on a Dropbox account or a site like mediafire.com, providing me the link to the uploaded file.


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!

Radek Naathim Pawelczyk

Malware Removal Specialist


#7 grandstandvideo


Posted 07 November 2014 - 10:16 PM

Hello there Naathim!

I ran both programs successfully.

Combofix.log attached.

Link to the ESET log:

https://www.dropbox.com/s/kth9qvmvm46tth4/ESETPoweliksCleaner.exe_20141107.092942.2604.log?dl=0

Your help is greatly appreciated.

Please note I still have 2 programs running that I see in task manager that have no information in the user name line and the description line.

If I try to close them I get access denied.

They are winlogon.exe and csrss.exe

The computer experienced no problems restarting after running the programs.

Attached File  ComboFix.txt   24.41KB   1 downloads



#8 Naathim


Posted 12 November 2014 - 03:37 AM

Hello and I am terribly sorry for the delay, I was totally out for the last days. Post back if you are still around and we will continue.

Radek Naathim Pawelczyk

Malware Removal Specialist


#9 grandstandvideo


Posted 12 November 2014 - 09:31 AM

Yes I am. It would be great to finish this when you have time.



#10 Naathim


Posted 12 November 2014 - 03:47 PM

I have both time & desire, once again please accept my apologies for the delay.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Radek Naathim Pawelczyk

Malware Removal Specialist


#11 grandstandvideo


Posted 14 November 2014 - 02:40 PM

Naathim,

Here are the 2 log files from Farbar.

Thank you,



#12 Naathim


Posted 15 November 2014 - 12:13 PM

This is just a heads-up, as I am unable to reply since I am on mobile.

I should have a full reply later tonight/tomorrow at the latest.

Naat


Radek Naathim Pawelczyk

Malware Removal Specialist


#13 grandstandvideo


Posted 16 November 2014 - 12:55 PM

Thanks for the update. 



#14 Naathim


Posted 17 November 2014 - 08:10 AM


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!

Radek Naathim Pawelczyk

Malware Removal Specialist


#15 grandstandvideo


Posted 17 November 2014 - 10:04 AM

ComboFix ran successfully, log attached, and thank you.





