UpdateFlashPlayer persistent popup and possibly BOO/Cidox.b


26 replies to this topic

#1 C088


Posted 31 October 2014 - 12:12 AM

A few days ago I noticed that everything seemed really slow, and occasionally I would get a pop-up window to allow permission for UpdateFlashPlayer. The first time I think I clicked allow, but it disappeared for a second and then came back again, and every time I clicked decline it would come back. Then a free trial of Avira antivirus also detected a virus called Boo/Cidox b. I Googled it and found a link on this site to someone else who had it and how they got rid of it. I tried to follow along and get rid of it myself, and it seemed like I managed to get rid of it using TDSSKiller and Malwarebytes Anti Malware, but occasionally different things got detected and the computer crashed a few times. Just now I was watching a video and suddenly everything went black, but the computer was still on. I held down the power button, and now I'm in safe mode and it seems like there's still a lot of infections. I'd really appreciate it if someone could help, as it doesn't seem like I'm able to remove it all.

I do have uTorrent installed but I haven't used it in a while, and I try to be careful of anything I download, but I know I should keep things more up to date and update anti-virus regularly.

 

Here are the results from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.51.2
Run by Casey at 4:45:07 on 2014-10-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.4058.2145 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Casey\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Users\Casey\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
uRunOnce: [esentutl] "C:\Users\Casey\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Casey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\esentutl.lnk - C:\Users\Casey\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: Run = "C:\Users\Casey\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Casey\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Casey\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{669B5E7F-7CB9-4BCF-AEDE-E9DDF7FB9F0F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{669B5E7F-7CB9-4BCF-AEDE-E9DDF7FB9F0F}\35B4954463432473 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{669B5E7F-7CB9-4BCF-AEDE-E9DDF7FB9F0F}\94E4455425E45445 : DHCPNameServer = 192.168.9.254
TCP: Interfaces\{669B5E7F-7CB9-4BCF-AEDE-E9DDF7FB9F0F}\D495023465 : DHCPNameServer = 167.206.254.1 167.206.254.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Casey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Casey\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-6-23 55856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-4-29 272448]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-6-23 76912]
S1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-4-1 28600]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-23 431920]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-23 431920]
S2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-4-1 119272]
S2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-9-23 160560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-26 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-26 968504]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\windows\System32\nlssrv32.exe --> C:\windows\System32\nlssrv32.exe [?]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2014-10-27 1025920]
S3 bbcap;bb_capture_driver;C:\windows\System32\drivers\bbcap.sys [2011-11-10 4608]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2013-10-1 77352]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-6-23 172704]
S3 EsgScanner;EsgScanner;C:\windows\System32\drivers\EsgScanner.sys [2014-10-27 22704]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-3-20 1431888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-24 111616]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 MADFUOZONE;Service for M-Audio Ozone DFU;C:\windows\System32\drivers\MAudioOzone_DFU.sys [2010-3-31 46088]
S3 MAUSBOZONE;Service for M-Audio Ozone;C:\windows\System32\drivers\MAudioOzone.sys [2010-3-31 187912]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-10-26 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-10-26 63704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-23 232480]
S3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-11-8 15552]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\windows\System32\drivers\StkTMini.sys [2012-6-10 528256]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-13 1255736]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;C:\windows\System32\drivers\zmhhpau.sys [2011-3-9 43520]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-23 98208]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-23 13336]
S4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-16 5827072]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-23 689472]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-29 03:46:40 134200 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpF67.exe
2014-10-28 22:07:46 647168 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpB3AA.exe
2014-10-28 21:51:43 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39E8D2-B664-4AC9-9A2C-E015C5C9EF89}\offreg.dll
2014-10-28 01:15:47 -------- d-----w- C:\AdwCleaner
2014-10-27 19:09:46 -------- d-----w- C:\Users\Casey\AppData\Roaming\Enigma Software Group
2014-10-27 19:08:23 -------- d-----w- C:\sh4ldr
2014-10-27 19:02:05 22704 ----a-w- C:\windows\System32\drivers\EsgScanner.sys
2014-10-27 19:01:08 -------- d-----w- C:\Program Files\Enigma Software Group
2014-10-27 06:00:14 2319872 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2014-10-27 05:55:02 0 ----a-w- C:\windows\SysWow64\sho8BC9.tmp
2014-10-26 22:12:30 -------- d-----w- C:\Users\Casey\AppData\Local\Oqjics
2014-10-26 22:09:41 -------- d-----w- C:\Users\Casey\AppData\Local\Omics
2014-10-26 22:09:07 86016 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpD051.exe
2014-10-26 15:57:17 49320 ----a-w- C:\windows\System32\drivers\iSafeNetFilter.sys
2014-10-26 15:57:16 -------- d-----w- C:\windows\System32\log
2014-10-26 15:56:26 -------- d-----w- C:\Users\Casey\AppData\Roaming\Elex-tech
2014-10-26 03:58:56 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-26 03:58:30 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-26 03:58:30 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-26 03:58:30 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-10-26 03:58:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 03:25:45 -------- d-----w- C:\Program Files (x86)\ESET
2014-10-26 02:43:58 -------- d-----w- C:\Users\Casey\My Online Documents
2014-10-26 02:32:52 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-26 02:25:00 -------- d-----w- C:\FRST
2014-10-26 01:53:35 -------- d-----w- C:\Users\Casey\AppData\Local\CrashDumps
2014-10-26 01:50:40 -------- d-----w- C:\NPE
2014-10-26 00:51:01 -------- d-----w- C:\Users\Casey\AppData\Local\NPE
2014-10-26 00:51:01 -------- d-----w- C:\ProgramData\Norton
2014-10-24 18:07:01 -------- d-----w- C:\ProgramData\Package Cache
2014-10-24 18:04:02 43064 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2014-10-24 02:36:17 0 ----a-w- C:\windows\SysWow64\sho1662.tmp
2014-10-24 02:21:28 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39E8D2-B664-4AC9-9A2C-E015C5C9EF89}\mpengine.dll
2014-10-24 00:48:02 44032 ----a-w- C:\windows\System32\tsgqec.dll
2014-10-24 00:48:02 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll
2014-10-24 00:48:02 1050112 ----a-w- C:\windows\SysWow64\mstsc.exe
2014-10-24 00:48:01 4922368 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-10-24 00:48:01 322560 ----a-w- C:\windows\System32\aaclient.dll
2014-10-24 00:48:01 269312 ----a-w- C:\windows\SysWow64\aaclient.dll
2014-10-24 00:48:01 1125888 ----a-w- C:\windows\System32\mstsc.exe
2014-10-24 00:48:00 5780480 ----a-w- C:\windows\System32\mstscax.dll
2014-10-24 00:47:59 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-24 00:42:37 77312 ----a-w- C:\windows\System32\packager.dll
2014-10-24 00:42:37 67072 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-24 00:42:33 81560 ----a-w- C:\windows\SysWow64\mscories.dll
2014-10-24 00:42:33 73880 ----a-w- C:\windows\System32\mscories.dll
2014-10-24 00:42:33 1943696 ----a-w- C:\windows\System32\dfshim.dll
2014-10-24 00:42:33 156824 ----a-w- C:\windows\SysWow64\mscorier.dll
2014-10-24 00:42:33 156312 ----a-w- C:\windows\System32\mscorier.dll
2014-10-24 00:42:33 1131664 ----a-w- C:\windows\SysWow64\dfshim.dll
2014-10-24 00:42:30 424448 ----a-w- C:\windows\System32\rastls.dll
2014-10-24 00:42:30 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-10-24 00:42:30 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-24 00:42:11 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-10-24 00:42:11 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-10-22 21:24:08 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-10-22 21:23:45 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-10-22 21:23:45 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-10-22 21:23:24 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-10-22 21:23:24 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-10-22 21:23:24 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-10-22 21:23:24 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2014-10-24 17:29:54 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2014-10-24 17:29:44 119272 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2014-10-02 14:53:02 278152 ------w- C:\windows\System32\MpSigStub.exe
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2008-04-02 13:44:15 61440 ----a-w- C:\Program Files (x86)\RGSGrowBounds.aex
.
============= FINISH: 4:48:41.39 ===============


#2 xXToffeeXx

  • Malware Response Instructor

Posted 02 November 2014 - 09:28 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.

Let's get going now.

==========================
 
Hi C088,

I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.

--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#3 C088


Posted 02 November 2014 - 11:42 AM

Thanks xXToffeeXx,

I don't have any credit cards or anything so that should be fine at least.

So the only way to be sure it's clean would be to reformat and reinstall the OS?

And if I do that then the computer should be able to be trusted and used for banking or anything like that in future, right?

And if I make a list of the programs installed and settings and bookmarks and things and copy any files I want to keep onto an external hard drive then I should be able to transfer them back after and install the programs again and it would be basically the same as it is now, minus any viruses or malware, right? Or would it be best not to copy files in case they're infected too?

And if I'm going to reformat and reinstall then there's not much point trying to remove the viruses and malware, is there?

If that's the case then it seems like reformatting and reinstalling the OS would be the best option for me, but the only thing is I don't have a reinstall disc and there were no discs included when I bought my computer, but I guess that's not your problem and I should be able to sort that out myself.

There aren't any other disadvantages to reformatting and reinstalling that I've missed, are there?

It seems like it will take a while, but other than that I couldn't find any disadvantages to it, and trying to remove all the viruses would take a while too anyway, wouldn't it?

I ran FRST anyway in the meantime.

Thanks for your help so far :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Casey (administrator) on CASEY-PC on 02-11-2014 15:09:48
Running from C:\Users\Casey\Downloads
Loaded Profile: Casey (Available profiles: Casey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\MountPoints2: {213b1c5f-2d48-11e3-a15a-18037363d166} - E:\AutoRun.exe
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\MountPoints2: {68e0633c-2283-11e2-816d-18037363d166} - F:\AutoRun.exe
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\MountPoints2: {bea00ad0-b29d-11e0-b3e7-18037363d166} - E:\AutoRun.exe
HKU\S-1-5-21-775965781-4164882395-2063249504-1000\...\MountPoints2: {d31d9f60-ae87-11e2-886a-18037363d166} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [1CryptoProviderIcons] -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x63992B378584CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKCU - {A707C749-2094-4831-802E-BF69E5DD738C} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.93.dll No File
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.93.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.amaizingsearches.info/?pid=1810&r=2014/04/21&hid=12252970024118127981&lg=EN&cc=US&unqvl=51&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.amaizingsearches.info/?pid=1810&r=2014/04/21&hid=12252970024118127981&lg=EN&cc=US&unqvl=51&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Casey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Casey\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Casey\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\searchplugins\btjunkie.xml
FF SearchPlugin: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\searchplugins\youtube-video-search.xml
FF Extension: Avira Browser Safety - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\abs@avira.com [2014-10-24]
FF Extension: Ant Video Downloader - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\anttoolbar@ant.com [2014-08-21]
FF Extension: FireShot - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-08-21]
FF Extension: PSFactoryBuffer - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\{2F9D2134-58EE-7F74-2E5E-7D9A3813D509} [2014-10-26]
FF Extension: Html Validator - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013-11-25]
FF Extension: Cryptocat - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\cryptocat@crypto.cat.xpi [2014-07-19]
FF Extension: Firebug - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\firebug@software.joehewitt.com.xpi [2011-10-02]
FF Extension: Total Validator - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\validator@totalvalidator.com.xpi [2012-02-17]
FF Extension: NoScript - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-06-20]
FF Extension: Greasemonkey - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\qsxx64z4.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-12-04]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PSFactoryBuffer) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-29]
CHR Extension: (YouTube) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-17]
CHR Extension: (Google Search) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-24]
CHR Extension: (Google Wallet) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Gmail) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5827072 2011-12-16] (Native Instruments GmbH) [File not signed]
R2 nlsX86cc; C:\windows\SysWOW64\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
S4 OzoneInstallerService; C:\Program Files (x86)\M-Audio Ozone\Install\Ozinst.exe [45056 2011-07-27] (Nemesis) [File not signed]
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [15552 2012-11-08] (Seagate Technology LLC)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-03-24] (SolidWorks) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-10-27] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-24] (Avira Operations GmbH & Co. KG)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-11-10] (Windows ® Codename Longhorn DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [272448 2012-04-29] (DT Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-27] ()
S3 MADFUOZONE; C:\Windows\System32\DRIVERS\MAudioOzone_DFU.sys [46088 2010-03-31] (M-Audio)
S3 MAUSBOZONE; C:\Windows\System32\DRIVERS\MAudioOzone.sys [187912 2010-03-31] (Avid Technology, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S2 Nsynas32; C:\Windows\SysWow64\Drivers\Nsynas32.sys [17784 2000-06-16] (Syncrosoft Hard- und Software GmbH) [File not signed]
R3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2012-01-08] (VSO Software) [File not signed]
S3 RDID1027; C:\Windows\System32\Drivers\rdwm1027.sys [81920 2009-09-18] (Roland Corporation)
S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek)
S0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [69920 2005-09-27] (PACE Anti-Piracy, Inc.) [File not signed]
R1 WinFPdrv; C:\Windows\SysWow64\WinFPdrv.sys [33168 2012-01-03] ()
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [43520 2011-03-09] (ZOOM)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:09 - 2014-11-02 15:11 - 00020234 _____ () C:\Users\Casey\Downloads\FRST.txt
2014-11-02 14:54 - 2014-11-02 14:54 - 00000000 ____D () C:\Users\Casey\Downloads\FRST-OlderVersion
2014-11-01 03:51 - 2014-11-01 03:51 - 00005227 _____ () C:\Users\Casey\Documents\index.htm
2014-10-31 04:49 - 2014-10-31 04:53 - 00024231 _____ () C:\Users\Casey\Desktop\attach.txt
2014-10-31 04:49 - 2014-10-31 04:52 - 00022444 _____ () C:\Users\Casey\Desktop\dds.txt
2014-10-30 22:22 - 2014-10-30 22:25 - 06630207 _____ () C:\Users\Casey\Downloads\The Beatles - When I'm Sixty-Four Piano And Vocal Track With Partial Clarinet.mp4
2014-10-30 22:15 - 2014-10-30 22:17 - 08636638 _____ () C:\Users\Casey\Downloads\The Beatles - When I'm 64 (isolated drums and piano).mp4
2014-10-30 08:22 - 2014-10-30 08:37 - 78997665 _____ () C:\Users\Casey\Downloads\!!! KRIMH - DESTROY REPLACE CREATE !!!.mp4
2014-10-30 05:50 - 2014-10-30 05:50 - 00000000 ____D () C:\Users\Casey\Downloads\TB-MTMasters(1967)
2014-10-30 04:26 - 2014-10-30 04:27 - 03002922 _____ () C:\Users\Casey\Downloads\PM53-XX.igs
2014-10-29 22:35 - 2014-10-29 22:43 - 38307623 _____ () C:\Users\Casey\Downloads\Deconstructing Sgt. Pepper.mp4
2014-10-29 22:35 - 2014-10-29 22:38 - 08527006 _____ () C:\Users\Casey\Downloads\The Beatles - Shes leaving home vocals only.mp4
2014-10-29 18:47 - 2014-10-29 18:47 - 00000065 _____ () C:\Users\Casey\Desktop\programs.ps1
2014-10-29 16:00 - 2014-10-29 16:08 - 25385251 _____ () C:\Users\Casey\Downloads\Automated Garden.mp4
2014-10-29 15:54 - 2014-10-29 15:54 - 00007116 _____ () C:\Users\Casey\Downloads\timedFinger.zip
2014-10-29 15:45 - 2014-10-29 15:45 - 00013961 _____ () C:\Users\Casey\Downloads\FRUIT AND VEG WORKSHEET (1)-1 (1) (1).xlsx
2014-10-29 04:22 - 2014-10-29 04:22 - 00000592 _____ () C:\ProgramData\SMRResults430.dat
2014-10-28 05:46 - 2014-10-28 05:46 - 00057032 _____ () C:\Users\Casey\Downloads\robotgeek-joystick-eagle.zip
2014-10-28 01:15 - 2014-10-28 01:34 - 00000000 ____D () C:\AdwCleaner
2014-10-28 01:14 - 2014-10-28 01:15 - 01998336 _____ () C:\Users\Casey\Downloads\adwcleaner_4.002.exe
2014-10-27 19:10 - 2014-10-27 19:10 - 00388576 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2014-10-27 19:09 - 2014-10-27 19:09 - 00001089 _____ () C:\Users\Casey\Desktop\SpyHunter.lnk
2014-10-27 19:09 - 2014-10-27 19:09 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-27 19:09 - 2014-10-27 19:09 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\Enigma Software Group
2014-10-27 19:08 - 2014-10-27 19:09 - 00000000 ____D () C:\sh4ldr
2014-10-27 19:02 - 2014-10-27 19:02 - 00022704 _____ () C:\windows\system32\Drivers\EsgScanner.sys
2014-10-27 19:01 - 2014-10-27 19:01 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-27 18:45 - 2014-10-27 18:45 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Casey\Downloads\iExplore64.exe
2014-10-27 18:45 - 2014-10-27 18:45 - 00000000 ____D () C:\Users\Casey\Desktop\rkill
2014-10-27 18:09 - 2014-10-27 18:09 - 00111866 _____ () C:\Users\Casey\Downloads\Open_Source_Robotic_Arm.zip
2014-10-27 05:55 - 2014-10-28 17:18 - 00014434 _____ () C:\windows\PFRO.log
2014-10-27 05:55 - 2014-10-27 05:55 - 00000000 _____ () C:\windows\SysWOW64\sho8BC9.tmp
2014-10-27 03:52 - 2014-10-27 03:52 - 00278528 _____ () C:\Users\Casey\Downloads\chapter_4_mass_spectrometer.ppt
2014-10-27 03:41 - 2014-10-27 03:59 - 89890921 _____ () C:\Users\Casey\Downloads\Cuireadh Chun Cainte.mp4
2014-10-27 02:09 - 2014-10-27 02:12 - 18874792 _____ () C:\Users\Casey\Downloads\How to Play Fingerstyle Guitar.mp4
2014-10-27 01:39 - 2014-10-27 01:46 - 24639985 _____ () C:\Users\Casey\Downloads\Gutiar World- John Petrucci- Play Fast.mp4
2014-10-26 23:49 - 2014-10-26 23:49 - 00000117 _____ () C:\Users\Casey\Downloads\bloggertoblogger.cs
2014-10-26 23:13 - 2014-10-26 23:14 - 05253183 _____ () C:\Users\Casey\Downloads\how to improve study results by 50 % using spaced repetition and flashcards !.mp4
2014-10-26 22:12 - 2014-10-30 08:53 - 00000000 ____D () C:\Users\Casey\AppData\Local\Oqjics
2014-10-26 22:09 - 2014-10-30 04:17 - 00000000 ____D () C:\Users\Casey\AppData\Local\Omics
2014-10-26 19:45 - 2014-10-27 18:57 - 00007848 _____ () C:\Users\Casey\Desktop\Rkill.txt
2014-10-26 19:43 - 2014-10-26 19:43 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Casey\Downloads\iExplore.exe
2014-10-26 15:57 - 2014-10-28 01:34 - 00000000 ____D () C:\windows\system32\log
2014-10-26 15:57 - 2014-09-22 12:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeNetFilter.sys
2014-10-26 15:56 - 2014-10-26 15:56 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\Elex-tech
2014-10-26 15:52 - 2014-10-26 15:54 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Casey\Downloads\SpyHunter-Installer (1).exe
2014-10-26 15:50 - 2014-10-26 15:53 - 15578360 _____ (Elex do Brasil Participações Ltda) C:\Users\Casey\Downloads\yet_another_cleaner_sk_6030551.exe
2014-10-26 14:57 - 2014-10-26 14:57 - 00855552 _____ () C:\Users\Casey\Downloads\chapter_16_rates.ppt
2014-10-26 14:45 - 2014-10-26 14:53 - 19529864 _____ () C:\Users\Casey\Downloads\Bullet Journal- Making Of-HD.mp4
2014-10-26 14:45 - 2014-10-26 14:52 - 15344173 _____ () C:\Users\Casey\Downloads\Bullet Journal-SD.mp4
2014-10-26 03:58 - 2014-11-02 14:04 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 03:58 - 2014-10-26 05:12 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 03:58 - 2014-10-26 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 03:58 - 2014-10-26 05:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 03:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-26 03:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-26 03:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-26 03:25 - 2014-10-26 03:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-26 03:20 - 2014-10-26 03:20 - 02347384 _____ (ESET) C:\Users\Casey\Downloads\esetsmartinstaller_enu.exe
2014-10-26 02:32 - 2014-10-26 02:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-26 02:29 - 2014-10-26 02:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Casey\Downloads\SpyHunter-Installer.exe
2014-10-26 02:25 - 2014-11-02 15:10 - 00000000 ____D () C:\FRST
2014-10-26 02:22 - 2014-11-02 14:54 - 02114560 _____ (Farbar) C:\Users\Casey\Downloads\FRST64.exe
2014-10-26 01:59 - 2014-10-26 02:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Casey\Downloads\tdsskiller.exe
2014-10-26 01:53 - 2014-10-27 06:17 - 00000000 ____D () C:\Users\Casey\AppData\Local\CrashDumps
2014-10-26 01:50 - 2014-10-28 18:20 - 00000000 ____D () C:\NPE
2014-10-26 01:49 - 2014-10-28 01:34 - 00109162 _____ () C:\windows\ntbtlog.txt.bak
2014-10-26 00:51 - 2014-10-29 03:46 - 00000000 ____D () C:\Users\Casey\AppData\Local\NPE
2014-10-26 00:51 - 2014-10-26 00:51 - 00000000 ____D () C:\ProgramData\Norton
2014-10-26 00:48 - 2014-10-26 00:49 - 03060320 ____N (Symantec Corporation) C:\Users\Casey\Downloads\NPE.exe
2014-10-25 15:03 - 2014-10-25 15:03 - 01212614 _____ () C:\Users\Casey\Downloads\UR5.STEP.zip
2014-10-25 14:47 - 2014-10-25 15:00 - 40483003 _____ () C:\Users\Casey\Downloads\8ba89f50-3ccd-4361-9b9a-60bdd0662ac6_LOW_PAYLOADS.zip
2014-10-25 14:47 - 2014-10-25 14:50 - 04566580 _____ () C:\Users\Casey\Downloads\8ba89f50-3ccd-4361-9b9a-60bdd0662ac6_KRC4_Controllers_step.zip
2014-10-25 14:47 - 2014-10-25 14:48 - 00276860 _____ () C:\Users\Casey\Downloads\8ba89f50-3ccd-4361-9b9a-60bdd0662ac6_KR6_16_Pedestal_stp.zip
2014-10-25 14:47 - 2014-10-25 14:47 - 00109494 _____ () C:\Users\Casey\Downloads\8ba89f50-3ccd-4361-9b9a-60bdd0662ac6_KR16L6-2KS_R14m_dxf.zip
2014-10-25 14:36 - 2014-10-25 14:37 - 01817600 _____ () C:\Users\Casey\Downloads\06._industrial_robotics.ppt
2014-10-25 02:45 - 2014-10-25 02:45 - 00404644 _____ () C:\Users\Casey\Downloads\$50.zip
2014-10-25 02:41 - 2014-10-25 02:41 - 00100347 _____ () C:\Users\Casey\Downloads\50buck bot.zip
2014-10-25 02:34 - 2014-10-25 02:34 - 00141590 _____ () C:\Users\Casey\Downloads\arduino_Uno_Rev3-02-TH.zip
2014-10-25 00:00 - 2014-11-02 14:02 - 00001008 _____ () C:\windows\setupact.log
2014-10-25 00:00 - 2014-10-25 00:00 - 00000000 _____ () C:\windows\setuperr.log
2014-10-24 23:21 - 2014-10-24 23:32 - 00060609 _____ () C:\Users\Casey\Downloads\constitution_and_rules.pdf.part
2014-10-24 21:59 - 2014-10-24 22:00 - 00600296 _____ () C:\Users\Casey\Desktop\cc_20141024_2258.reg
2014-10-24 18:20 - 2014-10-24 18:20 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-24 18:07 - 2014-10-24 18:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-24 18:04 - 2014-10-24 17:30 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-24 02:36 - 2014-10-24 02:36 - 00000000 _____ () C:\windows\SysWOW64\sho1662.tmp
2014-10-24 01:10 - 2014-10-07 02:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-24 01:10 - 2014-10-07 02:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-24 01:10 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-24 01:10 - 2014-09-25 22:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-24 01:10 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-24 01:10 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-24 01:10 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-24 01:10 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-24 01:10 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-24 01:10 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-24 01:10 - 2014-09-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-24 01:10 - 2014-09-19 01:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-24 01:10 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-24 01:10 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-24 01:10 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-24 01:10 - 2014-09-19 01:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-24 01:10 - 2014-09-19 01:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-24 01:10 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-24 01:10 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-24 01:10 - 2014-09-19 01:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-24 01:10 - 2014-09-19 01:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-24 01:10 - 2014-09-19 01:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-24 01:10 - 2014-09-19 01:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-24 01:10 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-24 01:10 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-24 01:10 - 2014-09-19 01:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-24 01:10 - 2014-09-19 01:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-24 01:10 - 2014-09-19 01:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-24 01:10 - 2014-09-19 01:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-24 01:10 - 2014-09-19 01:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 01:10 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-24 01:10 - 2014-09-19 01:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-24 01:10 - 2014-09-19 01:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-24 01:10 - 2014-09-19 01:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-24 01:10 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-24 01:10 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-24 01:10 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-24 01:10 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-24 01:10 - 2014-09-19 00:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-24 01:10 - 2014-09-19 00:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-24 01:10 - 2014-09-19 00:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-24 01:10 - 2014-09-19 00:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-24 01:10 - 2014-09-19 00:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-24 01:10 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-24 01:10 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-24 01:10 - 2014-09-19 00:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-24 01:10 - 2014-09-19 00:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 01:10 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-24 01:10 - 2014-09-19 00:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-24 01:10 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-24 01:10 - 2014-09-19 00:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-24 01:10 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-24 01:10 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-24 01:10 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-24 01:10 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-24 01:10 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-24 00:48 - 2014-08-29 02:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-24 00:48 - 2014-08-29 02:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-24 00:48 - 2014-08-29 02:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-24 00:48 - 2014-08-29 02:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-24 00:48 - 2014-08-29 01:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-24 00:48 - 2014-08-29 01:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-24 00:48 - 2014-08-29 01:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-24 00:48 - 2014-08-29 01:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-24 00:47 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-24 00:43 - 2014-07-17 02:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-24 00:43 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-24 00:43 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-24 00:43 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-24 00:43 - 2014-07-17 02:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-24 00:43 - 2014-07-17 02:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-24 00:43 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-24 00:43 - 2014-07-17 01:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-24 00:43 - 2014-07-17 01:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-24 00:43 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-24 00:43 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-24 00:43 - 2014-07-07 02:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-24 00:43 - 2014-07-07 02:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-10-24 00:43 - 2014-07-07 01:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-10-24 00:43 - 2014-07-07 01:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-10-24 00:43 - 2014-07-07 01:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-10-24 00:43 - 2014-05-30 08:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-24 00:43 - 2014-05-30 08:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-10-24 00:43 - 2014-05-30 08:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-10-24 00:43 - 2014-05-30 08:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-10-24 00:43 - 2014-05-30 07:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-10-24 00:43 - 2014-05-30 07:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-24 00:43 - 2014-05-30 07:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-10-24 00:43 - 2014-05-30 07:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-10-24 00:42 - 2014-09-29 00:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-24 00:42 - 2014-09-13 01:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-24 00:42 - 2014-09-13 01:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-24 00:42 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-24 00:42 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-24 00:42 - 2014-08-23 02:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-10-24 00:42 - 2014-08-23 01:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-10-24 00:42 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-24 00:42 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-24 00:42 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-24 00:42 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-24 00:42 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-24 00:42 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-24 00:08 - 2014-10-24 00:16 - 39739752 _____ () C:\Users\Casey\Downloads\The You Rock Foundation- Corey Taylor of Slipknot & Stone Sour.mp4
2014-10-23 23:02 - 2014-10-23 23:04 - 02633861 _____ () C:\Users\Casey\Downloads\Be Human Calculator.mp4
2014-10-23 23:01 - 2014-10-23 23:23 - 24526005 _____ () C:\Users\Casey\Downloads\Calculus I in 20 Minutes (The Original) by Thinkwell.mp4
2014-10-23 22:50 - 2014-10-23 23:12 - 76875482 _____ () C:\Users\Casey\Downloads\Slipknot - The Devil In I [OFFICIAL VIDEO].mp4
2014-10-23 00:31 - 2014-10-23 00:31 - 00184832 _____ () C:\Users\Casey\Downloads\iron.steel.ppt
2014-10-23 00:31 - 2014-10-23 00:31 - 00176640 _____ () C:\Users\Casey\Downloads\plastics LC eng.ppt
2014-10-23 00:31 - 2014-10-23 00:31 - 00064000 _____ () C:\Users\Casey\Downloads\non-ferrous metals.ppt
2014-10-22 23:51 - 2014-10-22 23:52 - 02332121 _____ () C:\Users\Casey\Downloads\2015LCPractical.zip
2014-10-22 21:24 - 2014-05-14 16:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-10-22 21:24 - 2014-05-14 16:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-10-22 21:24 - 2014-05-14 16:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-10-22 21:24 - 2014-05-14 16:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-10-22 21:23 - 2014-05-14 16:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-10-22 21:23 - 2014-05-14 16:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-10-22 21:23 - 2014-05-14 16:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-10-22 21:23 - 2014-05-14 16:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-10-22 21:23 - 2014-05-14 16:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-10-22 21:23 - 2014-05-14 16:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-10-22 21:23 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-10-22 21:23 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-10-22 21:23 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-10-22 21:23 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-10-20 21:20 - 2014-10-20 21:20 - 00011034 _____ () C:\Users\Casey\Desktop\1.sch
2014-10-20 21:07 - 2014-10-20 21:07 - 00582534 _____ () C:\Users\Casey\Desktop\LED DRIVE.sch
2014-10-20 21:03 - 2014-10-20 21:03 - 00070694 _____ () C:\Users\Casey\Desktop\LED DRIVE.brd

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 16:48 - 2012-02-18 14:18 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\vlc
2014-11-02 16:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\AppCompat
2014-11-02 16:47 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\registration
2014-11-02 15:08 - 2011-07-20 01:33 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2014-11-02 15:04 - 2013-11-17 20:17 - 75401728 ___SH () C:\Users\Casey\Downloads\Thumbs.db
2014-11-02 14:57 - 2012-06-17 11:54 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000UA.job
2014-11-02 14:56 - 2011-06-23 12:43 - 01523234 _____ () C:\windows\WindowsUpdate.log
2014-11-02 14:52 - 2013-07-02 18:00 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-11-02 14:10 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:10 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:02 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-02 14:01 - 2011-11-10 15:45 - 00000031 _____ () C:\windows\system32\bbcap.err
2014-11-02 10:50 - 2012-06-17 11:54 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000Core.job
2014-11-02 10:50 - 2011-07-20 01:28 - 00000000 ___HD () C:\Users\Casey
2014-10-29 03:17 - 2013-12-23 00:12 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000UA.job
2014-10-29 02:43 - 2011-08-23 00:07 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{001946F6-FBA9-4502-AD18-E8A652E1DD4C}
2014-10-29 00:17 - 2013-12-23 00:12 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000Core.job
2014-10-28 18:04 - 2014-05-31 22:51 - 00000000 ____D () C:\Users\Casey\Desktop\CC
2014-10-28 09:49 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\TAPI
2014-10-28 09:48 - 2011-07-20 02:03 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\SoftGrid Client
2014-10-28 02:39 - 2012-03-15 22:24 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-10-27 13:48 - 2013-01-06 09:06 - 00003722 _____ () C:\windows\System32\Tasks\Casey Merge
2014-10-27 13:48 - 2013-01-06 09:06 - 00003706 _____ () C:\windows\System32\Tasks\Casey
2014-10-27 13:48 - 2013-01-06 09:00 - 00003494 _____ () C:\windows\System32\Tasks\Casey DBAgent 2 0
2014-10-27 13:37 - 2013-03-25 17:32 - 00388976 _____ () C:\windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-10-27 06:32 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-27 06:04 - 2009-07-14 05:13 - 00780220 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-27 05:55 - 2009-07-14 04:45 - 00000000 ____D () C:\windows\Setup
2014-10-26 23:50 - 2013-09-03 20:51 - 00000000 ____D () C:\Users\Casey\Documents\Visual Studio 2005
2014-10-26 23:50 - 2011-07-21 07:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-26 09:17 - 2011-08-15 00:26 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-10-26 09:16 - 2011-09-02 17:04 - 00000000 ____D () C:\Program Files (x86)\Power Sound Editor Free
2014-10-26 03:58 - 2012-07-17 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 02:38 - 2011-07-20 01:28 - 00000000 ___HD () C:\Users\Casey\AppData\Local\SoftThinks
2014-10-26 02:35 - 2012-01-05 17:02 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder
2014-10-26 02:35 - 2011-11-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Zero-X
2014-10-26 02:35 - 2011-11-07 18:17 - 00000000 ____D () C:\Program Files (x86)\Propellerhead
2014-10-26 01:50 - 2009-07-14 04:45 - 05825848 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-26 01:36 - 2013-04-01 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-25 23:31 - 2011-07-20 02:03 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\Skype
2014-10-25 18:02 - 2011-06-23 13:24 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-25 14:00 - 2011-07-20 01:33 - 00003448 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2014-10-24 20:26 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\rescache
2014-10-24 18:20 - 2012-12-23 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-24 18:20 - 2012-12-23 14:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-24 18:07 - 2012-07-17 14:40 - 00000000 ____D () C:\ProgramData\Avira
2014-10-24 17:31 - 2014-04-25 03:10 - 00000000 ____D () C:\windows\system32\MRT
2014-10-24 17:29 - 2013-04-01 14:34 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-24 17:29 - 2013-04-01 14:34 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-10-24 17:29 - 2013-04-01 14:34 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-10-24 02:39 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 02:36 - 2014-08-20 18:49 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\Yhsyegza
2014-10-24 02:19 - 2011-06-23 12:56 - 00766132 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-21 23:06 - 2013-09-03 20:49 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\SolidWorks
2014-10-21 01:38 - 2013-04-15 20:42 - 00000132 _____ () C:\Users\Casey\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-20 17:44 - 2012-07-24 18:47 - 00000000 ____D () C:\Users\Casey\Documents\eagle
2014-10-20 01:25 - 2013-09-03 21:10 - 00000000 ____D () C:\Users\Casey\AppData\Local\TempSWBackupDirectory
2014-10-19 18:14 - 2011-08-16 00:39 - 00000000 ____D () C:\Users\Casey\Documents\Program Installers
2014-10-17 21:32 - 2011-07-20 01:33 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-16 19:17 - 2011-07-20 01:33 - 00004268 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-12 03:38 - 2014-09-23 10:01 - 00000000 ____D () C:\Users\Casey\Desktop\Research
2014-10-12 03:26 - 2013-09-03 21:00 - 00000000 ____D () C:\Users\Casey\AppData\Roaming\DassaultSystemes
2014-10-05 15:06 - 2009-07-14 05:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-03 09:02 - 2011-08-13 02:15 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat


Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\InstallAX.exe
C:\Users\Casey\AppData\Local\Temp\avgnt.exe
C:\Users\Casey\AppData\Local\Temp\Quarantine.exe
C:\Users\Casey\AppData\Local\Temp\sqlite3.dll
C:\Users\Casey\AppData\Local\Temp\UpdateFlashPlayer_0ba54b4b.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 09:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Casey at 2014-11-02 15:12:47
Running from C:\Users\Casey\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live v6.0.3 (HKLM-x32\...\Ableton Live_is1) (Version: - AiR, Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Add or Remove Adobe Premiere Pro CS5 (HKLM-x32\...\{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe After Effects CS5.5 (HKLM-x32\...\{E82097B9-A3B8-404A-9A92-AC16A8AC9576}) (Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Audition CS5.5 (HKLM-x32\...\{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Anime Studio Pro 8.0 (HKLM-x32\...\ASP800_is1) (Version: 8.0 - Smith Micro Software, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assignment Planning Guide V2 (HKLM-x32\...\Assignment Planning Guide V2) (Version: 2.0 - Project Perfect)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 3.0.3.2035 - Blueberry)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
CCleaner (remove only) (HKLM-x32\...\CCleaner) (Version: - )
CIS Smart CD-Menu Creator (HKLM-x32\...\CIS Smart CD-Menu Creator) (Version: 1.00.0044 - Cupid Info Systems)
CloneDVD 4.1.0.23 (HKLM-x32\...\MainApp.exe_is1) (Version: - Copyright © 2003-2007 DVD X Studios.)
CoffeeCup Flash Photo Gallery - Registered (HKLM-x32\...\CoffeeCup Flash Photo Gallery - Registered) (Version: - )
CoffeeCup HTML Editor 2008 (HKLM-x32\...\CoffeeCup HTML Editor 2008) (Version: - )
CoffeeCup Shopping Cart Creator Pro (HKLM-x32\...\CoffeeCup Shopping Cart Creator Pro 3.9.4251) (Version: 3.9.4251 - CoffeeCup Software, Inc.)
CoffeeCup Visual Site Designer 7.0 (HKLM-x32\...\CoffeeCup Visual Site Designer 7.0) (Version: 7.0 - CoffeeCup Software, Inc.)
CoffeeCup Website Color Schemer (HKLM-x32\...\CoffeeCup Website Color Schemer) (Version: - CoffeeCup Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0314.0232 - DT Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digidesign Audio Drivers 7.0 (HKLM-x32\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 7.0 - Digidesign, A Division of Avid Technology, Inc.)
DigiDrum Pro 1.03 (HKLM-x32\...\DigiDrum Pro) (Version: 1.03 - Audiosonic.dk)
DisplayFusion 4.0.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 4.0.1.0 - Binary Fortress Software)
DVDFab 8.1.3.8 (09/12/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
EAGLE 6.2.0 (HKLM-x32\...\EAGLE 6.2.0) (Version: 6.2.0 - CadSoft Computer GmbH)
Easy-to-Use Android App Builder Demo (HKLM-x32\...\Easy-to-Use Android App Builder Demo_is1) (Version: - Intelligent Works Solutions)
Emagic EVP73 VSTi v1.0 (HKLM-x32\...\Emagic EVP73 VSTi v1.0) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ExpressPCB (HKLM-x32\...\{ED5F7AF9-347B-4440-A211-C6236508CC08}) (Version: 7.0.2 - ExpressPCB)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0.2 - Toontrack)
EZmix 64-bit (HKLM\...\{3D83CC9F-E2E1-47AE-B1AF-F6D3A8825196}) (Version: 2.0.0 - Toontrack)
EZXClaustrophobic (HKLM-x32\...\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}) (Version: 1.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXDfh (HKLM-x32\...\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}) (Version: 1.0 - Toontrack)
EZXMetalHeads (HKLM-x32\...\{F4F365AB-BD66-4775-A36A-E3D8055873FD}) (Version: 1.0.0 - Toontrack)
EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
EZXTwisted (HKLM-x32\...\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}) (Version: 1.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fontlab Fontographer 5 DEMO (HKLM-x32\...\Fontographer 5.1 DEMO_is1) (Version: - )
Free QuizMaker 6 (HKLM-x32\...\{2C9C0E93-231E-4DB4-9C10-549C548CDC83}) (Version: 6.2.0 - iSpring Solutions Inc.)
Free Studio version 5.0.8 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
FruityLoops v3.4 (HKLM-x32\...\FruityLoops v3.4) (Version: - )
fxpansion!DR002 (HKLM-x32\...\fxpansion!DR002) (Version: - )
Glimmer (HKLM-x32\...\{84A7020E-33E1-4363-8EF1-D19445D09494}) (Version: 1.0.0 - Microsoft MIX Online)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
High-Logic FontCreator 6.2 (HKLM-x32\...\FontCreator6_is1) (Version: - High-Logic B.V.)
H-Series_ASIO64 (HKLM\...\{F9A11F80-49DA-11E0-B577-00269E8DC781}) (Version: 1.0.2 - ZOOM)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Install LoJack for Laptops (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0.17 - Absolute Software)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
InterLok Driver Kit (HKLM-x32\...\{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}) (Version: 5.3.0.2339 - PACE Anti-Piracy)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KTDrumTrigger 1.0b5 (HKLM-x32\...\KTDrumTrigger_is1) (Version: 1.0b5 - Koen Tanghe for Smartelectronix)
Live Lite 4 for M-Audio 4.0.4 (HKLM-x32\...\Live Lite 4 for M-Audio 4.0.4) (Version: - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
Luster Grade Presets Sampler for MBL2 (HKLM-x32\...\{E29C08AB-B5FD-48D7-8E96-386E1E902077}) (Version: 1.0.0 - Color Grading Central)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}) (Version: 11.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.0 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
M-Audio Ozone Driver 6.0.3 (x64) (HKLM\...\{DD06AA57-1DF1-45E6-B234-07110667DD28}) (Version: 6.0.3 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
MeldaProduction MFreeEffectsBundle 5 (HKLM-x32\...\MeldaProduction MFreeEffectsBundle 5) (Version: - MeldaProduction)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metal EZmix pack (HKLM-x32\...\{B232052F-1339-42DB-85A6-178CAA8E73A7}) (Version: 1.0.0 - Toontrack)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Mnemosyne 2.2a (HKLM-x32\...\Mnemosyne_is1) (Version: - )
Model ChemLab - Evaluation Version (HKLM-x32\...\Model ChemLab - Evaluation Version2.5.1) (Version: 2.5.1 - Model Science Software Inc)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mp3tag v2.50 (HKLM-x32\...\Mp3tag) (Version: v2.50 - Florian Heidenreich)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muse (code name) (HKLM-x32\...\AdobeMuse) (Version: 0.8.683 - Adobe Systems Incorporated)
Muse (code name) (x32 Version: 0.8.683 - Adobe Systems Incorporated) Hidden
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version: - Native Instruments)
Native Instruments Battery Demo (HKLM-x32\...\Native Instruments Battery Demo) (Version: - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version: - )
Notepad App (HKCU\...\Notepad App) (Version: - Sun Microsystems, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PCR Driver (HKLM\...\RolandRDID0027) (Version: - Roland Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PluralEyes® 2.0.4 for Premiere® Pro (HKLM-x32\...\{CE9ACBCA-B429-4DA7-9728-2A621C6479FA}_is1) (Version: 1.0 - Singular Software Inc.)
Power Sound Editor Free (HKLM-x32\...\Power Sound Editor Free) (Version: - PowerSE Studio Inc.)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
ReCycle 2.0 Demo (HKLM-x32\...\ReCycle 2.0 Demo) (Version: - )
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Rob Papen Albino 3 (HKCU\...\Rob Papen Albino 3) (Version: - )
Rock EZmix pack (HKLM-x32\...\{038B2DB1-2B9C-45C6-A55F-17B60D80C9D2}) (Version: 1.0.0 - Toontrack)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy)
Save Flash 4.1 (HKLM-x32\...\Save Flash) (Version: 4.1 - PilotGroup Ltd)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.15.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SolidWorks 2013 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20130-40500-1100-100) (Version: 21.5.0.76 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP05 (Version: 21.150.76 - SolidWorks) Hidden
SolidWorks eDrawings 2013 x64 Edition SP05 (Version: 13.5.111 - Dassault Systèmes SolidWorks Corp) Hidden
SONAR Trial 1.0 (HKLM-x32\...\SONAR Trial 1.0) (Version: - )
Sothink SWF Quicker (HKLM-x32\...\{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1) (Version: 4.0 - SourceTec Software Co., LTD)
Soundforum Synth (HKLM-x32\...\Soundforum Synth) (Version: - )
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
The Merck Index (HKLM-x32\...\{25408622-A432-4532-A784-1EC9413CB898}) (Version: 13.0 - CambridgeSoft Corporation)
TimbreWolf V3.0 (HKLM-x32\...\TimbreWolf V3.0_is1) (Version: - )
TinyCAD 2.80.06 (HKLM-x32\...\TinyCAD) (Version: 2.80.06 - TinyCAD)
Tone Stack Calculator (HKLM-x32\...\Tone Stack Calculator) (Version: - )
Trapcode SoundKeys (HKLM-x32\...\Trapcode SoundKeys) (Version: - )
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{DE02D760-9D68-49BA-A1CE-FDEC5892608D}) (Version: 11.0.2 - Red Giant Software)
Trapcode Suite 64-bit (Version: 11.0.2 - Red Giant Software) Hidden
TuxGuitar 1.2 (HKLM-x32\...\TuxGuitar_0) (Version: - )
Type light 3.1.012 (HKLM-x32\...\{A9B5B11A-ABFD-49E0-850E-690BE86C3A9E}_is1) (Version: 012 - CR8 Software Solutions)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
USB Webcam (HKLM-x32\...\USBWebcam) (Version: - )
USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.14 - Vector Magic, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version: - )
Wave Arts Power Suite (HKLM-x32\...\Wave Arts Power Suite) (Version: 5.49 - Wave Arts, Inc.)
Webinaria 2.0 (HKLM-x32\...\Webinaria_is1) (Version: - Charlwood eMarketing)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinHTTrack Website Copier 3.47-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
YTD Video Downloader 4.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.0 - GreenTree Applications SRL) <==== ATTENTION
Zero-X BeatCreator (HKLM-x32\...\Zero-X BeatCreator) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-775965781-4164882395-2063249504-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Casey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-775965781-4164882395-2063249504-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Casey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

29-10-2014 03:46:19 Norton_Power_Eraser_20141029034617392

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2011-04-24 21:58 - 00001211 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {143F62FF-06CC-49C0-AB72-77F51AFFD352} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000Core => C:\Users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {18D017BD-7CCE-4E85-A82F-EDBAD6BFC395} - System32\Tasks\{AC884AC5-4930-425D-9976-6D256DF2BEA5} => C:\Users\Casey\Downloads\HideDesktopIcons\HideDesktopIcons.exe
Task: {2643F47E-76FF-44B1-B014-1A84ADC7CE78} - System32\Tasks\Casey DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-11-08] (Seagate Technology LLC)
Task: {2F8275B5-3ED3-45D4-A81C-15E9B9CEF543} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {38FAE326-7936-4811-8793-9185D59EB813} - System32\Tasks\PCDoctorBackgroundMonitorTask => c:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {3D5C39F4-4FE9-459C-B597-84BA2D5C536A} - System32\Tasks\Casey => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {51C46F28-AF27-4BFC-93A2-7BE1D0F8C036} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {5BF3C507-EFC3-4435-8897-F759D012EE76} - \Security Center Update - 2504285726 No Task File <==== ATTENTION
Task: {6B4C6F81-D33F-4803-86ED-19509EAE434A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000UA => C:\Users\Casey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-23] (Facebook Inc.)
Task: {7337B495-B42A-46ED-AADF-ACA8A3137F89} - System32\Tasks\{5FE04504-AC0F-42A3-AC81-5C3E42641A10} => C:\Users\Casey\Downloads\DNA Canon LiDE50 x64 Driver\DNA Canon LiDE50 x64 Driver\SETUPSG.EXE
Task: {7956ABE0-11C5-436B-A60A-4E1A4F3C949A} - System32\Tasks\{BF6452BC-59D0-49B7-B9A6-C47B98F956C7} => F:\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
Task: {9D5B0181-18D3-4719-930F-F77D5A749EB0} - System32\Tasks\{3CB70300-CFA7-4E7B-B9A6-F3E90AFB0A06} => C:\Users\Casey\Downloads\HideDesktopIcons\HideDesktopIcons.exe
Task: {BA4CC82F-C4E3-4D81-8563-DD1131043AB8} - System32\Tasks\{042B1EA9-459F-4D00-BF1E-962B34703250} => C:\Users\Casey\Downloads\DNA Canon LiDE50 x64 Driver\DNA Canon LiDE50 x64 Driver\SETUPSG.EXE
Task: {BCA51715-0059-4BDE-B513-DCEDD7974DC2} - System32\Tasks\Casey Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-11-08] (Seagate Technology LLC)
Task: {C7050180-3B13-46AB-9091-4BFC99459128} - System32\Tasks\{978CA462-39FF-4818-AB70-3760E82FAB9E} => C:\Users\Casey\Downloads\HideDesktopIcons\HideDesktopIcons.exe
Task: {D0825C0F-690A-4D67-9FF9-B9CAD1DAABEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000UA => C:\Users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {D2FBBF6A-0481-45E0-88E2-7AE9CD226EED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000Core => C:\Users\Casey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-23] (Facebook Inc.)
Task: {EA22C432-26A9-4B24-9E91-FED0EAB0726F} - System32\Tasks\{7A48BB47-63AA-4C37-B055-B068EC1B8143} => C:\Users\Casey\Downloads\DNA Canon LiDE50 x64 Driver\DNA Canon LiDE50 x64 Driver\SETUPSG.EXE
Task: {F7862E27-33D1-465C-9F9E-08019C71C69D} - System32\Tasks\{3CCA10F4-FF8C-4A07-B165-B902C1EC27F9} => C:\Users\Casey\Downloads\DNA Canon LiDE50 x64 Driver\DNA Canon LiDE50 x64 Driver\SETUPSG.EXE
Task: {FFFFF4F6-D409-4A12-9654-FCCFBEFA60AF} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000Core.job => C:\Users\Casey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000UA.job => C:\Users\Casey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000Core.job => C:\Users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-775965781-4164882395-2063249504-1000UA.job => C:\Users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => c:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 22:39 - 2014-07-16 22:39 - 02893824 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll
2014-10-27 06:00 - 2014-10-27 06:00 - 02319872 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2011-08-30 00:03 - 2006-12-11 01:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-07-09 19:57 - 2014-07-09 19:57 - 17029808 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Casey\Cookies:LzZFkl8pYEQzllAq4mUCdok0B
AlternateDataStreams: C:\Users\Casey\AppData\Local\RaJyMPSq:JERoWYeBW0SVhzxBJvQizvvh
AlternateDataStreams: C:\Users\Casey\AppData\Local\Temp:Dn5bA7i8kvgo2aNls
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03122268.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFPdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03122268.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: OzoneInstallerService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Google Update => "C:\Users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\windows\system32\M-AudioTaskBarIcon.exe
MSCONFIG\startupreg: MSIDLL => C:\windows\SysWOW64\rundll32.exe mlFnKPtw
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PromptService => C:\windows\PromptService.exe
MSCONFIG\startupreg: PromptService64 => C:\windows\PromptService64.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-775965781-4164882395-2063249504-500 - Administrator - Disabled)
Casey (S-1-5-21-775965781-4164882395-2063249504-1000 - Administrator - Enabled) => C:\Users\Casey
Guest (S-1-5-21-775965781-4164882395-2063249504-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-775965781-4164882395-2063249504-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 03:08:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3140) Asapi: (15:08:10:1100)(3140) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 3184): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:55:09 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2428) Asapi: (14:55:09:3530)(2428) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 1848): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:54:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 02:42:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (500) Asapi: (14:42:06:3300)(500) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 3944): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:29:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2440) Asapi: (14:29:04:5410)(2440) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 776): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:18:03 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/02/2014 02:17:47 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/02/2014 02:17:18 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/02/2014 02:16:15 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/02/2014 02:16:07 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3652) Asapi: (14:16:07:2900)(3652) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 3176): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.


System errors:
=============
Error: (11/02/2014 02:52:17 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.1192.168.137.0255.255.255.0

Error: (11/02/2014 02:04:05 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.1192.168.137.0255.255.255.0

Error: (11/02/2014 02:04:05 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (11/02/2014 02:03:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TPkd

Error: (11/02/2014 02:02:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nsynas32 service failed to start due to the following error:
%%1275

Error: (11/02/2014 02:02:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\Nsynas32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/02/2014 02:00:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Virtualization Client service terminated with the following error:
%%1114

Error: (11/02/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Internet Connection Sharing (ICS) service terminated with the following error:
%%-2147467243

Error: (11/02/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
%%1069

Error: (11/02/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (11/02/2014 03:08:10 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3140) Asapi: (15:08:10:1100)(3140) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 3184): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:55:09 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2428) Asapi: (14:55:09:3530)(2428) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 1848): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:54:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Casey\Downloads\esetsmartinstaller_enu.exe

Error: (11/02/2014 02:42:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (500) Asapi: (14:42:06:3300)(500) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 3944): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:29:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2440) Asapi: (14:29:04:5410)(2440) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 776): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.

Error: (11/02/2014 02:18:03 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/02/2014 02:17:47 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/02/2014 02:17:18 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/02/2014 02:16:15 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/02/2014 02:16:07 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3652) Asapi: (14:16:07:2900)(3652) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 3176): License authentication result = FAIL; reasons = SIGNATURE_CHECK
Stack Trace:
!!! Stack Trace exceptions not supported in 64-bit. !!!
(end stack trace)
***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 4058.36 MB
Available physical RAM: 2228.06 MB
Total Pagefile: 8114.91 MB
Available Pagefile: 6209.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:94.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 22C51500)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:04 PM

Posted 04 November 2014 - 11:50 AM

Hi C088,
 
A reformat is best to be certain, as these types of infections can sometimes change system settings, though I will remove the infection if you do choose to continue with cleaning.
 

And if I do that then the computer should be able to be trusted and used for banking or anything like that in future right?
And if I make a list of the programs installed and settings and bookmarks and things and copy any files I want to keep onto an external hard drive then I should be able to transfer them back after and install the programs again and it would be basically the same as it is now, minus any viruses or malware right? Or would it be best not to copy files in case they're infected too?

Yes to both. The only files that you should not copy over are executables as these could be infected, personal files are fine.
 

If that's the case then it seems like reformatting and reinstalling the OS would be the best option for me but the only thing is I don't have a reinstall disc and there were no discs included when I bought my computer, but I guess that's not your problem and I should be able to sort that out myself.
There aren't any other disadvantages to reformatting and reinstalling that I've missed, are there?
It seems like it will take a while but other than that I couldn't find any disadvantages to it and trying to remove all the viruses would take a while too anyway, wouldn't it?

I can help by providing a link to an iso and instructions on how to make a disc which you can use to reinstall.
No, I believe you covered it pretty well. Reinstalling does not take as long as you may think, installing the programs again is probably the longest part. The process with removing malware also does take a little while too.
 
Let me know what you wish to do.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
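
The advice above to leave executables out of the backup can be checked mechanically before anything is copied back. This is an added example, not part of the original posts: a Python sketch that flags files by extension and by PE header, so a renamed executable is caught too. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed, non-exhaustive list of extensions Windows will run or load directly.
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".sys", ".msi",
                    ".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk"}

def is_pe_file(path):
    """True if the file starts with 'MZ' and its e_lfanew field points at a PE signature."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            fh.seek(int.from_bytes(header[60:64], "little"))
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False

def find_executables(backup_root):
    """Return {relative_path: reason} for files to leave out when restoring."""
    flagged = {}
    for folder, _dirs, files in os.walk(backup_root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, backup_root)
            if is_pe_file(full):
                flagged[rel] = "PE header"
            elif os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                flagged[rel] = "extension"
    return flagged

def build_sample_backup(root):
    """Constructed sample data: a minimal fake PE stub next to ordinary files."""
    pe_stub = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00"
    samples = {"notes.txt": b"bookmarks and settings",
               "setup.exe": pe_stub,
               "holiday.jpg": pe_stub,  # executable disguised as a photo
               "photo.jpg": b"\xff\xd8\xff\xe0JFIF",
               "cleanup.bat": b"@echo off\r\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        print(find_executables(tmp))
```

A file flagged only by its PE header, such as a `.jpg` that is really an executable, deserves more suspicion than an ordinary installer.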


#5 C088

C088
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 04 November 2014 - 04:49 PM

I think I'm going to reformat and reinstall then sometime in the next few days once I've transferred my files and have enough time to devote to it.

It won't cost anything to reinstall, will it? And should I have any serials or registration numbers or codes ready before I start?

Those links would be helpful.

Thanks.

 



#6 xXToffeeXx


Posted 05 November 2014 - 11:36 AM

Hi C088,
 

It won't cost anything to reinstall, will it? And should I have any serials or registration numbers or codes ready before I start?

No, it costs nothing at all. You will need your Windows product key, it should be somewhere on a sticker on your computer. If not then you can use this program to find it.

Does this computer happen to be a Dell one? I just remembered that using a recovery partition would be even quicker and cause less work.
 
xXToffeeXx~




#7 C088


Posted 05 November 2014 - 03:09 PM

Yes it is a Dell.

Would doing it that way make it less secure?

I'd rather do whatever is needed to make sure it's 100% clean from viruses even if it takes much longer.

 



#8 xXToffeeXx


Posted 06 November 2014 - 10:35 AM

Hi C088,
 

Would doing it that way make it less secure?
I'd rather do whatever is needed to make sure it's 100% clean from viruses even if it takes much longer.

No, it's the same as reinstalling except it's just restoring the computer to how it was when you bought it. Means you do not have to make a disc or find the specific drivers.
 
Please follow the directions here, let me know if you have any problems or questions about it.
 
xXToffeeXx~




#9 C088


Posted 11 November 2014 - 10:54 PM

I finally finished transferring my files and I started to do the restore using the instructions on the link you sent and it worked up until it says to "Click Dell Factory Image Restore."
The screen that I had where that option should have been was: [Attached image: IMAG3697.jpg]



#10 xXToffeeXx


Posted 12 November 2014 - 03:54 PM

Hi C088,

 

Click on the bottom option: Dell DataSafe Restore and Emergency Backup and tell me what you see.

 

xXToffeeXx~




#11 C088


Posted 13 November 2014 - 10:46 PM

That's it: [Attached image: IMAG3702.jpg]



#12 xXToffeeXx


Posted 14 November 2014 - 02:58 PM

Hi C088,

 

Click on the bottom option: Select other System Backup and other options and tell me what you see.

 

xXToffeeXx~




#13 C088


Posted 15 November 2014 - 12:46 PM

[Attached image: IMAG3708.jpg]
 



#14 xXToffeeXx


Posted 18 November 2014 - 02:07 PM

Hi C088,
 
Sorry about the delay. I was looking into those options and it seems that they are different to what you have.
 
We can make a disc or bootable USB instead though. Click on the link here to download the ISO. Once that is done, you will then need to download the Windows 7 USB/DVD tool from here. Run the file once it has downloaded and then follow the prompts to install the program. Once you are done, please do this:


  • Click the Windows START button, and click WINDOWS 7 USB/DVD DOWNLOAD TOOL in the ALL PROGRAMS list to open the Windows 7 USB/DVD Download Tool.
  • In the SOURCE FILE box, type the name and path of your Windows 7 ISO file, or click BROWSE and select the file from the OPEN dialog box. Click NEXT.
  • Select USB DEVICE to create a copy on a USB flash drive or select DVD disk to create a copy on a DVD disk.
  • If you are copying the file to a USB flash drive, select your USB device in the drop-down list and click BEGIN COPYING. If you are copying the file up to a DVD, click BEGIN BURNING.

Let me know when you have made the disc/bootable USB.
 
xXToffeeXx~




#15 C088


Posted 21 November 2014 - 10:42 PM

I burned it to a disc:)





