Zero Access rootkit


  • This topic is locked
17 replies to this topic

#1 Fredlo

  • Members
  • 12 posts

Posted 02 November 2014 - 02:54 PM

Hello,

I was asked to make this forum post from another post I made here.

I have run Security Check, Farbar Service Scanner, MiniToolBox, Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit, and RKill.

I was then asked to run DDS. These are the results:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Fred at 14:42:40 on 2014-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.992 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files (x86)\Dell\VideoStage\UserAgent.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\splwow64.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN33H490CR05YY:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
uRun: [GoogleChromeAutoLaunch_A4965B78819F71963FB87671E75564A3] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [JunosPulse] C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Fred\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Fred\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://viper.private.geico.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C} : NameServer = 8.8.8.8
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}\348627F6D6563616374793937313 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}\357514E4E40534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}\433333330233430313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}\7554354543739343 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}\C696E6B6379737 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{9F68D0DB-E686-46FF-81E8-D05635602215} : NameServer = 10.248.56.36,10.248.56.35
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-17 224896]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-4 56208]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-9-13 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-9-13 427360]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2014-7-10 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2014-7-10 102992]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-9-12 70928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-4 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-9-12 275912]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-12 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-13 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-25 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-12 50344]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-19 2369720]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-8-8 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-8-8 128512]
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2013-11-14 158040]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-2 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-2 968504]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-7-7 517632]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2014-4-9 4357488]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-7 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2012-1-20 126392]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-8-28 65657]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-18 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-18 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-18 171928]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-4 1692480]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2014-7-16 2145080]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-4 46136]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2011-11-4 47672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-4 115216]
R3 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-8-21 727592]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2014-8-21 261056]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [2014-7-10 150256]
R3 jnprna;Juniper Network Agent Miniport;C:\Windows\System32\drivers\jnprna6.sys [2014-4-17 522544]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2012-2-7 45352]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-11-4 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-2 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-2 63704]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2014-6-23 14112]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [2014-8-27 706864]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-11-4 264856]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-5-15 88400]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-8-21 601360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2011-11-12 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2011-11-12 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-29 111616]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2013-10-28 30072]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S4 jnprTdi_801_41197;Juniper Networks TDI Filter Driver (jnprTdi_801_41197);C:\Windows\System32\drivers\jnprTdi_801_41197.sys [2014-4-17 108336]
.
=============== Created Last 30 ================
.
2014-11-02 17:16:19 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 15:14:43 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-02 15:12:22 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-02 15:12:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-02 15:12:22 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-02 15:12:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 00:24:14 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1F80E4F-7B38-4674-9FBC-12510EB7CC56}\offreg.dll
2014-11-02 00:14:52 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1F80E4F-7B38-4674-9FBC-12510EB7CC56}\mpengine.dll
2014-11-01 20:29:25 241248 ----a-w- C:\Windows\System32\drivers\50846567.sys
2014-10-29 23:28:55 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-29 23:25:51 -------- d-----w- C:\AdwCleaner
2014-10-29 23:08:43 -------- d-----w- C:\FRST
2014-10-23 20:05:24 40760 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-10-23 20:05:22 29496 ----a-w- C:\Windows\System32\authuitu.dll
2014-10-23 20:05:22 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-10-23 20:04:39 -------- d-----w- C:\Users\Fred\AppData\Local\TuneUp Software
2014-10-23 20:03:45 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2014
2014-10-23 20:01:26 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-23 20:01:24 -------- d-----w- C:\ProgramData\TuneUp Software
2014-10-23 13:20:38 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-23 13:02:13 256000 ----a-w- C:\Windows\PEV.exe
2014-10-23 13:02:13 208896 ----a-w- C:\Windows\MBR.exe
2014-10-23 13:02:12 98816 ----a-w- C:\Windows\sed.exe
2014-10-22 02:23:58 -------- d-----w- C:\Windows\System32\wbem\repository
2014-10-15 07:33:15 3722240 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-15 06:47:15 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 06:47:13 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 06:47:13 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 06:47:13 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 06:47:13 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 06:47:12 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 06:47:11 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 06:42:07 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-15 06:42:06 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-15 06:42:06 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-15 06:37:10 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 06:37:09 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 06:37:03 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 06:37:03 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-15 06:32:03 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 06:32:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-09 03:23:58 -------- d-----w- C:\Windows\System32\catroot2
2014-10-09 03:15:14 -------- d-----w- C:\Users\Fred\AppData\Local\Juniper Networks
2014-10-09 03:07:39 -------- d-----w- C:\Users\Fred\AppData\Local\LogMeIn Rescue Applet
2014-10-09 01:53:54 -------- d-----w- C:\Windows\System32\CatRoot2.old
.
==================== Find3M  ====================
.
2014-10-28 10:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-09 01:57:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-09 01:57:12 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 16:30:50 727592 ----a-w- C:\Windows\System32\drivers\avc3.sys
2014-08-21 16:30:50 601360 ----a-w- C:\Windows\System32\drivers\avckf.sys
2014-08-21 16:30:50 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2014-08-21 16:30:50 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 14:45:50.28 ===============
 


 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:41 PM

Posted 02 November 2014 - 04:13 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Fredlo

Fredlo
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:41 AM

Posted 02 November 2014 - 04:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Fred (administrator) on SWANNPC on 02-11-2014 16:16:54
Running from C:\Users\Fred\Desktop
Loaded Profile: Fred (Available profiles: Fred)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices) C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Dell\VideoStage\UserAgent.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragBackend64.exe
(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\uaclauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [204048 2012-09-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1300672 2012-09-12] (Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-02-06] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432 2013-11-14] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [GoogleChromeAutoLaunch_A4965B78819F71963FB87671E75564A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-693924070-473334787-738800383-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {6C4E566F-CB3A-4345-8ECB-9ABFF6C7EE42} URL = http://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://viper.private.geico.com/dana-cached/sc/JuniperSetupClient.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9F68D0DB-E686-46FF-81E8-D05635602215}: [NameServer] 10.248.56.36,10.248.56.35
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @rsa.com/WebID -> C:\Program Files (x86)\RSA SecurID Software Token\npsdclnt4.dll (RSA Security Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Fred\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (Google Cast) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-04]
CHR Extension: (Avast Online Security) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Fred\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-15] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-07-31] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9177 2012-01-06] () [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [126392 2011-09-29] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-07-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-07-10] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-10-28] (Juniper Networks)
S4 jnprTdi_801_41197; C:\Windows\system32\Drivers\jnprTdi_801_41197.sys [108336 2013-11-14] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-28] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2012-02-07] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2012-09-12] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2012-09-12] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2012-09-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-09-12] (Trend Micro Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 16:16 - 2014-11-02 16:17 - 00032733 _____ () C:\Users\Fred\Desktop\FRST.txt
2014-11-02 16:15 - 2014-11-02 16:15 - 00000000 ____D () C:\Users\Fred\Desktop\FRST-OlderVersion
2014-11-02 14:46 - 2014-11-02 14:47 - 00014077 _____ () C:\Users\Fred\Desktop\attach.txt
2014-11-02 14:46 - 2014-11-02 14:45 - 00034592 _____ () C:\Users\Fred\Desktop\dds.txt
2014-11-02 14:39 - 2014-11-02 14:40 - 00688992 ____R (Swearware) C:\Users\Fred\Downloads\dds.com
2014-11-02 14:16 - 2014-11-02 14:15 - 01754248 ____N () C:\Users\Fred\Desktop\Adaware_Installer.exe
2014-11-02 12:57 - 2014-11-02 13:06 - 00002694 _____ () C:\Users\Fred\Desktop\Rkill.txt
2014-11-02 12:46 - 2014-11-02 12:08 - 01944824 ____N (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe
2014-11-02 12:16 - 2014-11-02 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 12:06 - 2014-11-02 12:46 - 00000000 ____D () C:\Users\Fred\Desktop\mbar
2014-11-02 12:05 - 2014-11-02 11:22 - 14349744 ____N (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe
2014-11-02 10:14 - 2014-11-02 15:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 10:12 - 2014-11-02 12:06 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 10:12 - 2014-11-02 10:12 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 10:12 - 2014-11-02 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 10:12 - 2014-11-02 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 10:12 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 10:12 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 10:04 - 2014-11-02 10:05 - 00045469 _____ () C:\Users\Fred\Desktop\Result.txt
2014-11-02 09:57 - 2014-11-02 08:57 - 00401920 ____N (Farbar) C:\Users\Fred\Desktop\MiniToolBox.exe
2014-11-02 09:16 - 2014-11-02 09:51 - 00002356 _____ () C:\Users\Fred\Desktop\FSS.txt
2014-11-02 09:15 - 2014-11-02 08:55 - 00415232 ____N (Farbar) C:\Users\Fred\Desktop\FSS.exe
2014-11-02 09:08 - 2014-11-02 09:08 - 00001505 _____ () C:\Users\Fred\Desktop\checkup.txt
2014-11-02 08:50 - 2014-11-02 08:48 - 00854448 ____N () C:\Users\Fred\Desktop\SecurityCheck.exe
2014-11-01 15:34 - 2014-11-01 15:34 - 00001094 _____ () C:\Users\Fred\Desktop\AdwCleaner[S1].txt
2014-11-01 15:29 - 2014-11-01 15:29 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\50846567.sys
2014-10-29 19:53 - 2014-10-29 19:53 - 00023014 _____ () C:\swissarmy.ref
2014-10-29 19:53 - 2014-10-29 19:53 - 00000314 _____ () C:\actions.ref
2014-10-29 19:11 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-29 19:11 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-29 19:11 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-29 19:11 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-29 19:11 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-29 19:11 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-29 19:11 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-29 19:11 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-29 19:11 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-29 19:11 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-29 19:11 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-29 19:11 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-29 19:11 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-29 19:11 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-29 19:11 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-29 19:11 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-29 19:11 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-29 19:11 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-29 19:11 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-29 19:11 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-29 19:11 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-29 19:11 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-29 19:11 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-29 19:11 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-29 19:11 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-29 19:11 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-29 19:11 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-29 19:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-29 19:11 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-29 19:11 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-29 19:11 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-29 19:11 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-29 19:11 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-29 19:11 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-29 19:11 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 19:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-29 19:11 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-29 19:11 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-29 19:11 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-29 19:11 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-29 19:11 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-29 19:11 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-29 19:11 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-29 19:11 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-29 19:11 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-29 19:11 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-29 19:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-29 19:11 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-29 19:11 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-29 19:11 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-29 18:28 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-29 18:25 - 2014-11-01 15:31 - 00000000 ____D () C:\AdwCleaner
2014-10-29 18:18 - 2014-11-02 16:15 - 02114560 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe
2014-10-29 18:08 - 2014-11-02 16:16 - 00000000 ____D () C:\FRST
2014-10-29 18:01 - 2014-10-29 18:01 - 01087888 _____ () C:\Users\Fred\Downloads\FRST.exe
2014-10-27 14:38 - 2014-10-27 14:38 - 00001632 _____ () C:\Users\Fred\Downloads\Ethical Issues and Other Tips.html.zip
2014-10-27 14:37 - 2014-10-27 14:37 - 00000980 _____ () C:\Users\Fred\Downloads\Demographic Questions.html.zip
2014-10-27 14:36 - 2014-10-27 14:36 - 00001522 _____ () C:\Users\Fred\Downloads\Creating Composite Measures.html.zip
2014-10-27 14:34 - 2014-10-27 14:34 - 00001033 _____ () C:\Users\Fred\Downloads\Filters & Skips.html.zip
2014-10-27 14:33 - 2014-10-27 14:33 - 00001119 _____ () C:\Users\Fred\Downloads\Likert Question Scales.html.zip
2014-10-27 14:25 - 2014-10-27 14:25 - 00134689 _____ () C:\Users\Fred\Downloads\Writing Survey Questions.html.zip
2014-10-27 14:23 - 2014-10-27 14:23 - 00185352 _____ () C:\Users\Fred\Downloads\Basic Development Tips.html.zip
2014-10-27 14:17 - 2014-10-27 14:17 - 00002305 _____ () C:\Users\Fred\Downloads\Purposes & Features of Survey Research.html.zip
2014-10-25 12:48 - 2014-10-25 12:48 - 01685576 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip (2).exe
2014-10-25 12:46 - 2014-10-25 12:46 - 01662216 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip (1).exe
2014-10-25 12:45 - 2014-10-25 12:45 - 01665136 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip.exe
2014-10-23 23:34 - 2014-10-23 23:34 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-10-23 22:54 - 2014-10-23 22:54 - 01466056 _____ () C:\Users\Fred\Desktop\memtest86-iso-6.0b1.zip
2014-10-23 15:14 - 2014-10-23 15:14 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-10-23 15:05 - 2014-10-23 15:05 - 00002207 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00002193 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00002181 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-23 15:05 - 2014-07-16 09:24 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-23 15:05 - 2014-07-16 09:24 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-23 15:05 - 2014-07-16 09:24 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-10-23 15:04 - 2014-10-23 15:04 - 00000000 ____D () C:\Users\Fred\AppData\Local\TuneUp Software
2014-10-23 15:03 - 2014-10-23 15:05 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-10-23 15:01 - 2014-10-23 15:13 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-23 15:01 - 2014-10-23 15:07 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-23 08:32 - 2014-10-23 08:32 - 00000000 _____ () C:\Users\Fred\Downloads\install_flashplayer15x32ax_chrd_dn_awa_aih.exe.izbp9hg.partial
2014-10-23 08:28 - 2014-10-23 08:28 - 00048413 _____ () C:\ComboFix.txt
2014-10-23 08:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-23 08:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-23 08:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-23 07:45 - 2014-10-23 08:28 - 00000000 ____D () C:\Qoobox
2014-10-23 07:45 - 2014-10-23 08:25 - 00000000 ____D () C:\Windows\erdnt
2014-10-23 07:18 - 2014-11-02 13:57 - 00475746 _____ () C:\Windows\PFRO.log
2014-10-23 06:59 - 2014-10-23 06:59 - 19828376 ____N (Malwarebytes Corporation ) C:\Users\Fred\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 15:02 - 2014-11-02 13:58 - 00001592 _____ () C:\Windows\setupact.log
2014-10-22 15:02 - 2014-10-22 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-21 23:45 - 2014-10-21 23:45 - 00008028 _____ () C:\Users\Fred\Documents\startup.txt
2014-10-21 23:31 - 2014-10-21 07:23 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.20141022-003134.backup
2014-10-21 23:23 - 2014-10-21 23:45 - 00002966 _____ () C:\Windows\System32\Tasks\{291BE3C8-0828-4AA3-A998-904FF980789F}
2014-10-21 23:23 - 2014-10-21 23:23 - 00002964 _____ () C:\Windows\System32\Tasks\{CCEFC72D-4B77-4B8B-89A0-4B39441F57B7}
2014-10-21 23:23 - 2014-10-21 23:23 - 00002964 _____ () C:\Windows\System32\Tasks\{3A31DB3C-9F56-45CC-AD77-90E763AE6A55}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{F0B8D192-823A-4D16-AB6A-14CB3D8E76BA}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{C5E446D0-D18E-49CF-92BE-11E42D8C9001}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{8C4E2CD9-DE95-46AD-B980-2DD886852CF4}
2014-10-21 23:20 - 2014-10-23 15:00 - 28369720 ____N (TuneUp Software) C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe
2014-10-21 21:22 - 2014-10-21 21:22 - 00003904 _____ () C:\Users\Fred\Desktop\reset.bat
2014-10-15 02:38 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 02:38 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 02:38 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 02:38 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 02:38 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 02:38 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 02:38 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 02:38 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 02:38 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 02:38 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 02:38 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 02:38 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 02:38 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 02:38 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 02:38 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 02:38 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 02:38 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 02:38 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 02:38 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 02:38 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 02:38 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 02:38 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 02:38 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 02:38 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 02:38 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 02:38 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:33 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:33 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:33 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 02:33 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 02:33 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:33 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 01:47 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:42 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:42 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:42 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:37 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 01:37 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 01:37 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:37 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:32 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:32 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 17:21 - 2014-10-14 17:21 - 06373976 _____ () C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (2).exe
2014-10-14 17:18 - 2014-10-14 17:21 - 06353536 _____ () C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (1).exe
2014-10-14 17:11 - 2014-10-14 17:11 - 00002992 _____ () C:\Windows\System32\Tasks\{DE64953D-43C2-4BB0-A5D0-AB14505B4169}
2014-10-14 17:11 - 2014-10-14 17:11 - 00002992 _____ () C:\Windows\System32\Tasks\{B607F179-5654-4494-9568-FFA12E537BBD}
2014-10-14 17:10 - 2014-10-14 17:10 - 00002992 _____ () C:\Windows\System32\Tasks\{A997AC0B-19AB-44CD-B0F8-B52746C1DBCB}
2014-10-14 17:10 - 2014-10-14 17:10 - 00002992 _____ () C:\Windows\System32\Tasks\{A547A810-D8A8-40D1-9FC0-C372AC29DE98}
2014-10-14 17:04 - 2014-10-14 17:06 - 06336016 _____ (Fitbit Inc.) C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe
2014-10-14 15:16 - 2014-10-14 15:16 - 00035898 _____ () C:\Users\Fred\Downloads\Criminology Mid-Term.odt
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-08 22:15 - 2014-10-08 22:15 - 00000000 ____D () C:\Users\Fred\AppData\Local\Juniper Networks
2014-10-08 22:07 - 2014-10-23 07:21 - 00000000 ____D () C:\Users\Fred\AppData\Local\LogMeIn Rescue Applet
2014-10-08 20:53 - 2014-10-08 21:03 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-10-07 18:00 - 2014-10-07 18:00 - 00003164 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-10-05 22:15 - 2014-10-05 22:15 - 00001029 _____ () C:\Users\Fred\Desktop\Free Window Registry Repair.lnk
2014-10-05 22:14 - 2014-10-05 22:14 - 00000000 _____ () C:\Users\Fred\Downloads\ccsetup418.exe.tr4c49m.partial
2014-10-05 22:13 - 2014-10-05 22:13 - 00000000 _____ () C:\Users\Fred\Downloads\spsetup126.exe.jgv141a.partial
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 16:12 - 2012-05-20 10:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 15:54 - 2011-11-27 17:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 15:51 - 2011-11-04 14:55 - 01085506 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 15:34 - 2014-10-01 19:40 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SwannPC-Fred SwannPC
2014-11-02 15:29 - 2014-03-23 11:55 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA.job
2014-11-02 14:13 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:13 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:09 - 2009-07-14 00:13 - 00798342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 14:06 - 2013-10-24 16:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-02 14:04 - 2012-02-22 23:29 - 00000000 ___RD () C:\Users\Fred\Dropbox
2014-11-02 14:04 - 2012-02-22 23:24 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Dropbox
2014-11-02 14:02 - 2011-11-04 13:54 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-02 14:02 - 2011-11-04 13:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-02 14:02 - 2011-11-04 13:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-02 14:01 - 2012-12-20 09:24 - 00000000 ___RD () C:\Users\Fred\Google Drive
2014-11-02 14:01 - 2012-09-13 18:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-02 14:00 - 2011-11-04 13:22 - 00000000 ____D () C:\Temp
2014-11-02 13:59 - 2011-11-27 17:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 13:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:49 - 2012-06-20 09:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E87F7EB1-13F8-49F6-9245-8EC980D00492}
2014-11-02 02:00 - 2014-08-20 16:36 - 00000000 ____D () C:\Users\Fred\AppData\Local\Adobe
2014-11-01 21:11 - 2012-09-13 09:41 - 00000000 ____D () C:\Users\Fred\AppData\Local\CrashDumps
2014-11-01 20:30 - 2014-03-23 11:55 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core.job
2014-11-01 17:12 - 2011-11-28 16:26 - 00002068 ____H () C:\Users\Fred\Documents\Default.rdp
2014-11-01 17:09 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-31 18:00 - 2012-08-23 10:06 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-30 17:17 - 2013-10-17 14:27 - 00000000 ____D () C:\Users\Fred\Desktop\Desktop Icons
2014-10-30 17:17 - 2013-06-23 10:09 - 00000000 ____D () C:\Users\Fred\Desktop\Apps & Icons
2014-10-29 23:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 20:12 - 2014-05-02 23:20 - 00000000 ___RD () C:\Users\Fred\Desktop\Camera Uploads
2014-10-29 20:05 - 2012-03-03 18:30 - 00000000 ____D () C:\Users\Fred\AppData\Local\Unity
2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 13:24 - 2014-07-04 12:56 - 00000000 ____D () C:\Warcraft III
2014-10-23 15:14 - 2013-01-02 23:35 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-10-23 15:14 - 2013-01-02 23:35 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-10-23 15:14 - 2013-01-02 19:20 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-10-23 15:14 - 2012-12-25 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
2014-10-23 15:13 - 2013-05-06 16:07 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\HpUpdate
2014-10-23 15:13 - 2013-01-02 23:30 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-10-23 15:13 - 2012-12-25 09:16 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Polaroid Instant Memories
2014-10-23 15:13 - 2012-09-12 15:44 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2012
2014-10-23 15:13 - 2012-08-13 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 7
2014-10-23 15:13 - 2012-02-06 20:08 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-10-23 15:11 - 2014-07-29 10:35 - 00001463 _____ () C:\Users\Fred\Desktop\Swann-Birth Certificate GC&SU - Shortcut.lnk
2014-10-23 15:04 - 2013-01-02 10:53 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\TuneUp Software
2014-10-23 08:28 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-10-23 08:20 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 07:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-10-23 07:16 - 2013-09-04 07:06 - 00000000 ____D () C:\Users\Fred\AppData\Local\CRE
2014-10-23 07:00 - 2013-09-10 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 23:44 - 2013-12-27 22:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-21 22:38 - 2012-10-22 16:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-21 21:52 - 2014-06-18 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-21 20:41 - 2013-07-28 08:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 20:36 - 2011-11-12 01:09 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-19 07:49 - 2011-11-27 17:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 07:49 - 2011-11-27 17:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 20:23 - 2014-03-23 11:55 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA
2014-10-17 20:23 - 2014-03-23 11:55 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core
2014-10-16 02:27 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-15 02:24 - 2009-07-13 23:45 - 05110464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:18 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 07:31 - 2011-11-09 14:40 - 00000000 ____D () C:\Users\Fred\AppData\Local\Nero
2014-10-12 11:59 - 2012-02-22 23:29 - 00000000 ____D () C:\Users\Fred\Desktop\Photos
2014-10-10 19:21 - 2011-11-09 14:26 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Adobe
2014-10-08 22:45 - 2012-12-18 18:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 20:57 - 2012-05-20 10:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-08 20:57 - 2012-05-20 10:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-08 20:57 - 2011-11-04 13:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-08 20:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\CatRoot2_2014108214951
2014-10-08 13:42 - 2011-11-11 02:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 22:34 - 2014-05-12 13:46 - 00000000 ____D () C:\Users\TEMP
2014-10-05 22:32 - 2011-11-09 14:32 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\uTorrent
2014-10-05 22:15 - 2013-02-04 08:54 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2014-10-05 22:03 - 2012-09-07 14:48 - 00000000 ____D () C:\Program Files (x86)\Norton PC Checkup 3.0
 
ZeroAccess:
C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}
 
Some content of TEMP:
====================
C:\Users\Fred\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi7ulq_.dll
C:\Users\Fred\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-25 23:57
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Fred at 2014-11-02 16:17:42
Running from C:\Users\Fred\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.0.0.17289 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 8.0.3.44471 - Juniper Networks)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{20fc1ec7-3058-48d4-80f8-e1cfd52391c7}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
ROBLOX Player for Fred (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Fred (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-693924070-473334787-738800383-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-11-2014 22:39:52 Scheduled Checkpoint
02-11-2014 00:14:26 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-10-09 06:06 - 2014-11-01 17:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00858106-1A72-48F7-986C-764B9275126E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-08-19] (PC-Doctor, Inc.)
Task: {01DF0E7A-CAE1-495B-B58E-F0A1DD3067B7} - System32\Tasks\{A547A810-D8A8-40D1-9FC0-C372AC29DE98} => C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe [2014-10-14] (Fitbit Inc.)
Task: {02C9B43C-8EB7-4077-8A5F-C0425E2AD566} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {0C558046-A303-489E-A8D0-4D9E7F16F212} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {0FE7764B-A01B-476A-BA46-4104A426FC7C} - System32\Tasks\{CCEFC72D-4B77-4B8B-89A0-4B39441F57B7} => C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe [2014-10-23] (TuneUp Software)
Task: {12F1ADC3-3EAE-45A5-9E8B-1EDDAB924D5B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-12] (AVAST Software)
Task: {20616DC9-0C69-47AF-953D-C083DD3CB3C7} - System32\Tasks\{8C4E2CD9-DE95-46AD-B980-2DD886852CF4} => C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe [2014-10-23] (TuneUp Software)
Task: {26BA9E8A-14BA-41BE-BF3D-F987114FD383} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {28F3D8DD-3306-4D7F-85AA-214998F5DA5A} - System32\Tasks\{B607F179-5654-4494-9568-FFA12E537BBD} => C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe [2014-10-14] (Fitbit Inc.)
Task: {312FC81B-D8FE-4622-ABBC-2E77999C2556} - System32\Tasks\NCH Software\PixillionDowngrade => C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
Task: {427503EC-AB47-41E3-AA7B-7CA544B2B987} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {43D22323-D819-4BCC-8809-CFA4FA7D0A9A} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {48418C75-0F2C-4E8D-B96E-F3006BE7F413} - System32\Tasks\{291BE3C8-0828-4AA3-A998-904FF980789F} => C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe [2014-10-23] (TuneUp Software)
Task: {5086F963-8DF4-4938-A74A-882C22CE891C} - System32\Tasks\{DE64953D-43C2-4BB0-A5D0-AB14505B4169} => C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe [2014-10-14] (Fitbit Inc.)
Task: {518B7C2D-D5B3-4675-BA8C-00FA288068A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51E67A1F-016E-4A49-AC2D-F96A8337B4B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA => C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {57268812-CD17-4257-A8A5-44CD8BA6E068} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {5AD513E4-1493-483A-8CEE-4BA00EB000C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-07-31] (Microsoft Corporation)
Task: {5D2B32B5-E96A-4F69-9B51-346690605F62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {6408CB0D-0E0C-41C8-8031-0E44157892A6} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-08-19] (PC-Doctor, Inc.)
Task: {7090D0CE-5CFF-4ED5-9F50-BCED14EF5C10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {7146E5EC-1E02-4F25-91D5-47817B8F457A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-08] (Adobe Systems Incorporated)
Task: {902D44F1-9EBC-4FAC-B767-8BFCF0F446FA} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {91DF3D6B-F597-40AF-8E57-94E263F39E53} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {96088936-9E56-40A9-8F62-BE6D6A9D60F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core => C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {9A46D89C-7786-4D97-9AAF-0BA906E716CB} - System32\Tasks\{3A31DB3C-9F56-45CC-AD77-90E763AE6A55} => C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe [2014-10-23] (TuneUp Software)
Task: {9C3FCF88-DB5E-43A6-9684-B899E5AC3ED6} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A2894A4D-1CEC-4704-9EFB-7E5B4EE92FB1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SwannPC-Fred SwannPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-24] (Microsoft Corporation)
Task: {A472C61B-8D99-40F2-A2AD-1C10DE72DE74} - System32\Tasks\{C5E446D0-D18E-49CF-92BE-11E42D8C9001} => C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe [2014-10-23] (TuneUp Software)
Task: {B5369A1E-B868-45DB-A540-B17C69D8489D} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D1035E8C-B123-4481-8EC6-84FC1F0C2F55} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {E0B7CCAB-15B3-4F25-9183-F8067B2AD044} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-08-19] (PC-Doctor, Inc.)
Task: {E8FADA10-71B5-4E7D-9A3D-7580C5510174} - System32\Tasks\{A997AC0B-19AB-44CD-B0F8-B52746C1DBCB} => C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe [2014-10-14] (Fitbit Inc.)
Task: {EA3A7481-C9CB-4641-B089-4A50670D77BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F0637C53-E28B-4955-A1E7-AAA856AF7A4B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {F20D11D3-24E4-49CC-ABDA-DE1DEE89BB82} - System32\Tasks\{F0B8D192-823A-4D16-AB6A-14CB3D8E76BA} => C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe [2014-10-23] (TuneUp Software)
Task: {F507049A-CC37-4D2C-AF55-DD540E6F0924} - System32\Tasks\AdobeAAMUpdater-1.0-SwannPC-Fred => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-07-31] (Adobe Systems Incorporated)
Task: {F8300532-76D2-4053-9F09-3E171413CC94} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core.job => C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA.job => C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-07 17:37 - 2014-08-24 04:00 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-27 11:52 - 2014-08-27 11:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-08-27 11:53 - 2014-08-27 11:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 11:53 - 2014-08-27 11:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 11:53 - 2014-08-27 11:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2012-09-12 15:43 - 2012-09-12 15:32 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2012-09-12 15:43 - 2012-09-12 15:32 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2012-09-12 15:43 - 2012-09-12 15:32 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2012-09-12 15:43 - 2012-09-12 15:32 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2012-09-12 15:43 - 2012-09-12 15:32 - 00016384 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
2011-04-19 22:18 - 2011-04-19 22:18 - 00073728 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2009-03-16 00:47 - 2009-03-16 00:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2014-03-19 11:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-11-23 16:37 - 2011-11-23 16:37 - 09688064 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2008-11-18 13:25 - 2008-11-18 13:25 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-04 13:15 - 2011-11-04 13:15 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-11-04 13:21 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-03-16 00:47 - 2009-03-16 00:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-03-16 00:47 - 2009-03-16 00:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2014-07-12 09:39 - 2014-07-12 09:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-01 14:00 - 2014-11-01 14:00 - 02898944 _____ () C:\Program Files\AVAST Software\Avast\defs\14110101\algo.dll
2014-11-02 14:03 - 2014-11-02 14:03 - 02898944 _____ () C:\Program Files\AVAST Software\Avast\defs\14110201\algo.dll
2009-03-05 19:00 - 2009-03-05 19:00 - 00532480 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-02 14:04 - 2014-11-02 14:04 - 00043008 _____ () c:\users\fred\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi7ulq_.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Fred\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-19 12:09 - 2014-06-19 12:09 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-28 02:58 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 02:57 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-07-12 09:39 - 2014-07-12 09:39 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-18 19:26 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-18 19:26 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-18 19:26 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-28 02:58 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 02:57 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-11-02 13:59 - 2014-11-02 13:59 - 00098816 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32api.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00110080 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\pywintypes27.dll
2014-11-02 13:59 - 2014-11-02 13:59 - 00364544 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\pythoncom27.dll
2014-11-02 13:59 - 2014-11-02 13:59 - 00045568 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\_socket.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 01160704 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\_ssl.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00320512 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32com.shell.shell.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00713216 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\_hashlib.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 01175040 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._core_.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00805888 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._gdi_.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00811008 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._windows_.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 01062400 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._controls_.pyd
2014-11-02 13:58 - 2014-11-02 13:58 - 00735232 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._misc_.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00128512 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\_elementtree.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00127488 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\pyexpat.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00557056 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\pysqlite2._sqlite.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00007168 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\hashobjs_ext.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00087552 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\_ctypes.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00119808 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32file.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00108544 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32security.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00018432 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32event.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00038912 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32inet.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00070656 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._html2.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00167936 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32gui.pyd
2014-11-02 13:58 - 2014-11-02 13:58 - 00011264 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32crypt.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00027136 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\_multiprocessing.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00686080 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\unicodedata.pyd
2014-11-02 13:58 - 2014-11-02 13:58 - 00122368 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._wizard.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00010240 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\select.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00024064 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32pipe.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00025600 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32pdh.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00525640 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\windows._lib_cacheinvalidation.pyd
2014-11-02 13:58 - 2014-11-02 13:58 - 00035840 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32process.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00017408 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32profile.pyd
2014-11-02 13:59 - 2014-11-02 13:59 - 00022528 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\win32ts.pyd
2014-11-02 13:58 - 2014-11-02 13:58 - 00078336 _____ () C:\Users\Fred\AppData\Local\Temp\_MEI19242\wx._animate.pyd
2014-10-28 02:57 - 2014-10-21 23:04 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libexif.dll
2014-06-18 19:26 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-18 19:26 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-16 09:21 - 2014-07-16 09:21 - 00611128 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUKernel.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00152888 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBasic.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00820024 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MainControls.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00119096 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUTransl.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00161080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PerlRegEx.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00210744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\XMLComponents.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00449848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\GR32_D6.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00129336 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SchedAgent_2007.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00335672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUCompression.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\DEC.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00493368 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Html.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ntrtl60.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00458040 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PowerManager.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00470328 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysInfo.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00656184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MSI_D6.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00144184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00076600 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShell.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00068408 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysControls.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00215864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ProgramRating.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00423224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VisControls.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00033080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBase.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 01145144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00044856 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxCoreD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00016184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxComnD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00055608 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxThemeD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00852280 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cxLibraryD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00069944 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxGDIPlusD12.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00154424 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cefcomponent.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00278840 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\AppInitialization.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShredder.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00632632 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDiskCleanerClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00092984 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApps.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TURar.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00489272 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Traces.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00083256 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUOperaClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00047928 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApplications.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUSafariClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00140088 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\CommonForms.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00609080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VirtualTreesR.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00065848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIECacheClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00103224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragClient.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00962872 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TuningWizard.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Internet.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00207672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarExtItemsD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00289080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\RegCleaner.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00023864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\IEControl.bpl
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-693924070-473334787-738800383-500 - Administrator - Disabled)
Fred (S-1-5-21-693924070-473334787-738800383-1002 - Administrator - Enabled) => C:\Users\Fred
Guest (S-1-5-21-693924070-473334787-738800383-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-693924070-473334787-738800383-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/02/2014 02:20:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/02/2014 02:19:31 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.
 
Error: (11/02/2014 02:18:28 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction AA11. Error 1618 occurred while beginning the transaction.
 
Error: (11/02/2014 02:18:15 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction AA11. Error 1618 occurred while beginning the transaction.
 
Error: (11/02/2014 02:16:39 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction AA11. Error 1618 occurred while beginning the transaction.
 
Error: (11/02/2014 02:16:26 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction AA11. Error 1618 occurred while beginning the transaction.
 
Error: (11/02/2014 02:11:19 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.
 
Error: (11/01/2014 09:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAwareService.exe, version: 11.3.6321.0, time stamp: 0x53fda5a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000080000
Faulting process id: 0xa08
Faulting application start time: 0xAdAwareService.exe0
Faulting application path: AdAwareService.exe1
Faulting module path: AdAwareService.exe2
Report Id: AdAwareService.exe3
 
Error: (11/01/2014 09:11:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x75c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/01/2014 08:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x2564
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (11/02/2014 02:03:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (11/02/2014 02:02:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (11/02/2014 02:02:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (11/02/2014 02:01:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/02/2014 02:00:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PasswordBox service failed to start due to the following error: 
%%1053
 
Error: (11/02/2014 02:00:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PasswordBox service to connect.
 
Error: (11/02/2014 02:00:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/02/2014 01:59:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (11/02/2014 01:59:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (11/02/2014 01:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/02/2014 02:20:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\SysWOW64\CoziScreensaver.scr
 
Error: (11/02/2014 02:19:31 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/02/2014 02:18:28 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: AA111618(NULL)(NULL)(NULL)(NULL)
 
Error: (11/02/2014 02:18:15 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: AA111618(NULL)(NULL)(NULL)(NULL)
 
Error: (11/02/2014 02:16:39 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: AA111618(NULL)(NULL)(NULL)(NULL)
 
Error: (11/02/2014 02:16:26 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: AA111618(NULL)(NULL)(NULL)(NULL)
 
Error: (11/02/2014 02:11:19 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/01/2014 09:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AdAwareService.exe11.3.6321.053fda5a8unknown0.0.0.000000000c00000050000000000080000a0801cff61311bb9d29C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exeunknown225978eb-623c-11e4-b4c3-782bcba5f436
 
Error: (11/01/2014 09:11:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c9175c01cff6423e39c948C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll92e988f4-6235-11e4-b4c3-782bcba5f436
 
Error: (11/01/2014 08:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91256401cff63ebca7c81aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll04264313-6232-11e4-b4c3-782bcba5f436
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-23 09:15:32.570
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-23 09:15:32.539
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 945 Processor
Percentage of memory in use: 39%
Total physical RAM: 8191.3 MB
Available physical RAM: 4931.52 MB
Total Pagefile: 16380.77 MB
Available Pagefile: 8460.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:720.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 789B359E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka


  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:41 PM

Posted 02 November 2014 - 04:22 PM

Hi,

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER.

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Fredlo

  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:41 AM

Posted 02 November 2014 - 05:26 PM

ComboFix 14-10-21.01 - Fred 11/02/2014  16:39:22.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5190 [GMT -5:00]
Running from: c:\users\Fred\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fred\AppData\Local\Temp\_MEI19242\_ctypes.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\_elementtree.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\_hashlib.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\_multiprocessing.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\_socket.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\_ssl.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\hashobjs_ext.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\pyexpat.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\pysqlite2._sqlite.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\python27.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\pythoncom27.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\PyWinTypes27.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\select.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\unicodedata.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32api.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32com.shell.shell.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32crypt.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32event.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32file.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32gui.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32inet.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32pdh.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32pipe.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32process.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32profile.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32security.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\win32ts.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\windows._lib_cacheinvalidation.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._animate.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._controls_.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._core_.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._gdi_.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._html2.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._misc_.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._windows_.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wx._wizard.pyd
c:\users\Fred\AppData\Local\Temp\_MEI19242\wxbase294u_net_vc90.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\wxbase294u_vc90.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\wxmsw294u_adv_vc90.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\wxmsw294u_core_vc90.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\wxmsw294u_html_vc90.dll
c:\users\Fred\AppData\Local\Temp\_MEI19242\wxmsw294u_webview_vc90.dll
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-02 to 2014-11-02  )))))))))))))))))))))))))))))))
.
.
2014-11-02 22:09 . 2014-11-02 22:09 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-11-02 22:09 . 2014-11-02 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-02 17:16 . 2014-11-02 17:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-02 15:14 . 2014-11-02 20:36 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-02 15:12 . 2014-11-02 17:06 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-02 15:12 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-02 15:12 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-02 15:12 . 2014-11-02 15:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-02 00:14 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1F80E4F-7B38-4674-9FBC-12510EB7CC56}\mpengine.dll
2014-11-01 20:29 . 2014-11-01 20:29 241248 ----a-w- c:\windows\system32\drivers\50846567.sys
2014-10-29 23:28 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-10-29 23:25 . 2014-11-01 20:31 -------- d-----w- C:\AdwCleaner
2014-10-29 23:08 . 2014-11-02 21:18 -------- d-----w- C:\FRST
2014-10-23 20:05 . 2014-07-16 14:24 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-10-23 20:05 . 2014-07-16 14:24 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-10-23 20:05 . 2014-07-16 14:24 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-10-23 20:04 . 2014-10-23 20:04 -------- d-----w- c:\users\Fred\AppData\Local\TuneUp Software
2014-10-23 20:03 . 2014-10-23 20:05 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-10-23 20:01 . 2014-10-23 20:13 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-23 20:01 . 2014-10-23 20:07 -------- d-----w- c:\programdata\TuneUp Software
2014-10-22 02:23 . 2014-11-02 22:13 -------- d-----w- c:\windows\system32\wbem\repository
2014-10-15 07:33 . 2014-07-17 02:07 3722240 ----a-w- c:\windows\system32\mstscax.dll
2014-10-15 06:47 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 06:47 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 06:47 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 06:47 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-15 06:47 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-15 06:47 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 06:47 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-15 06:42 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-15 06:42 . 2014-10-10 02:05 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-15 06:42 . 2014-10-10 02:00 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-15 06:37 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-15 06:37 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-15 06:37 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 06:37 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-15 06:32 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-15 06:32 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-09 03:34 . 2014-10-09 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
2014-10-09 03:34 . 2014-10-09 03:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-10-09 03:23 . 2014-10-22 01:43 -------- d-----w- c:\windows\system32\catroot2
2014-10-09 03:15 . 2014-10-09 03:15 -------- d-----w- c:\users\Fred\AppData\Local\Juniper Networks
2014-10-09 03:07 . 2014-10-23 12:21 -------- d-----w- c:\users\Fred\AppData\Local\LogMeIn Rescue Applet
2014-10-09 01:53 . 2014-10-09 02:03 -------- d-----w- c:\windows\system32\CatRoot2.old
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 10:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-22 01:36 . 2011-11-12 06:09 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-09 01:57 . 2012-05-20 15:09 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-09 01:57 . 2011-11-04 18:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 02:08 . 2014-09-30 17:50 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 17:50 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 11:29 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 11:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-24 08:59 . 2013-10-31 01:41 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-23 02:07 . 2014-08-27 19:59 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 19:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-22 07:07 . 2014-08-22 00:36 2514656 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2014-08-21 16:30 . 2014-08-21 16:30 727592 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-08-21 16:30 . 2014-08-21 16:30 601360 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-08-21 16:30 . 2014-08-21 16:30 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-08-21 16:30 . 2014-08-21 16:30 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-31 01:45 222712 ----a-w- c:\users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-31 01:45 222712 ----a-w- c:\users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-31 01:45 222712 ----a-w- c:\users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"HP Photosmart 7520 series (NET)"="c:\program files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"GoogleChromeAutoLaunch_A4965B78819F71963FB87671E75564A3"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"JunosPulse"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2013-11-14 2521432]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-8-7 195240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
3;2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 jnprTdi_801_41197;Juniper Networks TDI Filter Driver (jnprTdi_801_41197);c:\windows\system32\Drivers\jnprTdi_801_41197.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_801_41197.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys;c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
S3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\DRIVERS\jnprna6.sys;c:\windows\SYSNATIVE\DRIVERS\jnprna6.sys [x]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 07:56 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 01:57]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 12:49]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 12:49]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core.job
- c:\users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-23 16:55]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA.job
- c:\users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-23 16:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-31 01:45 261624 ----a-w- c:\users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-31 01:45 261624 ----a-w- c:\users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-31 01:45 261624 ----a-w- c:\users\Fred\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-02 19:47 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-02 19:47 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-02 19:47 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-12 14:39 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-07-31 446392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-09-12 204048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-09-12 1300672]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [2014-08-27 8886592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = localhost:21320
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}: NameServer = 8.8.8.8
TCP: Interfaces\{9F68D0DB-E686-46FF-81E8-D05635602215}: NameServer = 10.248.56.36,10.248.56.35
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,b4,ca,19,bb,16,ca,fb,3e,ac,99,d3,8c,6b,fa,0d,1e,f0,49,ea,07,
   22,99,c8,3e,48,7c,c7,31,04,2a,88,89,ac,f1,33,27,37,be,61,67,67,09,be,30,17,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,b4,ca,19,bb,16,ca,fb,3e,ac,99,d3,8c,6b,fa,0d,1e,f0,49,ea,07,
   22,99,c8,3e,48,7c,c7,31,04,2a,88,89,ac,f1,33,27,37,be,61,67,67,09,be,30,17,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2014-11-02  17:22:38 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-02 22:22
ComboFix2.txt  2014-10-23 13:28
.
Pre-Run: 773,292,662,784 bytes free
Post-Run: 792,423,145,472 bytes free
.
- - End Of File - - E3B6C808005B3403A6F56A368ED22EBB


#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 02 November 2014 - 05:29 PM

OK,

Step 1

Don't remove on your own anything that Hitman Pro detects!
This scanner, while it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Fredlo

  • Topic Starter
  • Members
  • 12 posts

Posted 02 November 2014 - 05:49 PM

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : SWANNPC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : SwannPC\Fred
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-11-02 17:38:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 9
   Traces  . . . . . . . : 77
 
   Objects scanned . . . : 3,546,997
   Files scanned . . . . : 75,628
   Remnants scanned  . . : 1,575,061 files / 1,896,308 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMV45FUE\FRST64[1].exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 0.1 days (2014-11-02 16:15:49)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C3D38BE8C0CEE5862472EC7449D3457C46591C186BC1B1426DE3A41F3B8BDDAE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\3H7FN6O7.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\3H7FN6O7.txt
         -0.1s C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H969PMGF\82[1].htm
         -0.1s C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H969PMGF\82[1].htm
          0.0s C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMV45FUE\FRST64[1].exe
          0.0s C:\Users\Fred\Desktop\FRST64.exe
          0.0s C:\Users\Fred\Desktop\FRST64.exe
          0.0s C:\Users\Fred\Desktop\FRST64.exe
          2.5s C:\Users\Fred\Desktop\FRST-OlderVersion\
 
   C:\Users\Fred\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,113,536 bytes
      Age  . . . . . . . : 4.0 days (2014-10-29 18:18:20)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7758534274AC29A1D166891B3BE3233C0DE70D991A14EF02C9F7A0AF46CC15B3
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Fred\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Fred\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Fred\Desktop\FRST-OlderVersion\FRST64.exe
 
   C:\Users\Fred\Desktop\FRST64.exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 0.1 days (2014-11-02 16:15:49)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C3D38BE8C0CEE5862472EC7449D3457C46591C186BC1B1426DE3A41F3B8BDDAE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\RHE45NJ8.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\3H7FN6O7.txt
         -0.1s C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Cookies\3H7FN6O7.txt
         -0.1s C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H969PMGF\82[1].htm
         -0.1s C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H969PMGF\82[1].htm
         -0.0s C:\Users\Fred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMV45FUE\FRST64[1].exe
          0.0s C:\Users\Fred\Desktop\FRST64.exe
          0.0s C:\Users\Fred\Desktop\FRST64.exe
          0.0s C:\Users\Fred\Desktop\FRST64.exe
          2.5s C:\Users\Fred\Desktop\FRST-OlderVersion\
 
   C:\Users\Fred\Desktop\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 0.3 days (2014-11-02 09:15:47)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Fred\Desktop\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 0.3 days (2014-11-02 09:57:32)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Fred\Desktop\MiniToolBox.exe
 
   C:\Users\Fred\Downloads\456091_intl_x64_zip (2).exe
      Size . . . . . . . : 1,685,576 bytes
      Age  . . . . . . . : 8.2 days (2014-10-25 12:48:04)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 4508A8B0462FF8A63F2AD857B65100E7483521D96B10329B997648F2B978EB9C
      Description
      Version  . . . . . : 1.3.2.6557
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 32.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (2).exe
      Size . . . . . . . : 6,373,976 bytes
      Age  . . . . . . . : 19.0 days (2014-10-14 17:21:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 2657B3E508CFBB1913F29318FA700B18A8E54601F02BD852BBD0FD766E293F74
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 31.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
 
 
Malware remnants ____________________________________________________________
 
   C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}\ (ZeroAccess)
   C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}\L\ (ZeroAccess)
   C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}\U\ (ZeroAccess)
   HKLM\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch)
   HKLM\SOFTWARE\Classes\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\ (Adware.MyWebSearch)
   HKLM\SOFTWARE\Classes\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\ (Adware.MyWebSearch)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\ (Adware.MyWebSearch)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\ (Adware.MyWebSearch)
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2ff49ed5-a3ef-410b-918e-97deceb5996d}\ (TelevisionFanatic)
   HKU\S-1-5-21-693924070-473334787-738800383-1002\Software\Microsoft\Internet Explorer\SearchScopes\{DE478A19-3A44-4637-B00A-E53F38CE0B8A}\ (Conduit)
   HKU\S-1-5-21-693924070-473334787-738800383-1002\Software\Microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}\ (AskBar)
 
Repairs _____________________________________________________________________
 
   Proxy server on this computer (User)
   localhost:21320
 
 
Cookies _____________________________________________________________________
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Fred (administrator) on SWANNPC on 02-11-2014 17:47:22
Running from C:\Users\Fred\Desktop
Loaded Profiles: Fred &  (Available profiles: Fred)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices) C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe.bak
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [204048 2012-09-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1300672 2012-09-12] (Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-02-06] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432 2013-11-14] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [GoogleChromeAutoLaunch_A4965B78819F71963FB87671E75564A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-693924070-473334787-738800383-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {6C4E566F-CB3A-4345-8ECB-9ABFF6C7EE42} URL = http://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://viper.private.geico.com/dana-cached/sc/JuniperSetupClient.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9F68D0DB-E686-46FF-81E8-D05635602215}: [NameServer] 10.248.56.36,10.248.56.35
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @rsa.com/WebID -> C:\Program Files (x86)\RSA SecurID Software Token\npsdclnt4.dll (RSA Security Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Fred\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (Google Cast) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-04]
CHR Extension: (Avast Online Security) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Fred\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-15] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9177 2012-01-06] () [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [126392 2011-09-29] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-07-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-07-10] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-10-28] (Juniper Networks)
S4 jnprTdi_801_41197; C:\Windows\system32\Drivers\jnprTdi_801_41197.sys [108336 2013-11-14] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-28] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2012-02-07] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2012-09-12] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2012-09-12] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2012-09-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-09-12] (Trend Micro Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 17:46 - 2014-11-02 17:46 - 00053606 _____ () C:\Users\Fred\Desktop\HitmanPro_20141102_1746.log
2014-11-02 17:37 - 2014-11-02 17:37 - 11222744 ____N (SurfRight B.V.) C:\Users\Fred\Desktop\HitmanPro_x64.exe
2014-11-02 17:36 - 2014-11-02 17:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-02 17:22 - 2014-11-02 17:22 - 00044556 _____ () C:\ComboFix.txt
2014-11-02 16:31 - 2014-10-23 07:38 - 05584933 ____R (Swearware) C:\Users\Fred\Desktop\ComboFix.exe
2014-11-02 16:17 - 2014-11-02 16:18 - 00051426 _____ () C:\Users\Fred\Desktop\Addition.txt
2014-11-02 16:16 - 2014-11-02 17:47 - 00030097 _____ () C:\Users\Fred\Desktop\FRST.txt
2014-11-02 16:15 - 2014-11-02 16:15 - 00000000 ____D () C:\Users\Fred\Desktop\FRST-OlderVersion
2014-11-02 14:46 - 2014-11-02 14:47 - 00014077 _____ () C:\Users\Fred\Desktop\attach.txt
2014-11-02 14:46 - 2014-11-02 14:45 - 00034592 _____ () C:\Users\Fred\Desktop\dds.txt
2014-11-02 14:39 - 2014-11-02 14:40 - 00688992 ____R (Swearware) C:\Users\Fred\Downloads\dds.com
2014-11-02 14:16 - 2014-11-02 14:15 - 01754248 ____N () C:\Users\Fred\Desktop\Adaware_Installer.exe
2014-11-02 12:57 - 2014-11-02 13:06 - 00002694 _____ () C:\Users\Fred\Desktop\Rkill.txt
2014-11-02 12:46 - 2014-11-02 12:08 - 01944824 ____N (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe
2014-11-02 12:16 - 2014-11-02 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 12:06 - 2014-11-02 12:46 - 00000000 ____D () C:\Users\Fred\Desktop\mbar
2014-11-02 12:05 - 2014-11-02 11:22 - 14349744 ____N (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe
2014-11-02 10:14 - 2014-11-02 15:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 10:12 - 2014-11-02 12:06 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 10:12 - 2014-11-02 10:12 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 10:12 - 2014-11-02 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 10:12 - 2014-11-02 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 10:12 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 10:12 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 10:04 - 2014-11-02 10:05 - 00045469 _____ () C:\Users\Fred\Desktop\Result.txt
2014-11-02 09:57 - 2014-11-02 08:57 - 00401920 ____N (Farbar) C:\Users\Fred\Desktop\MiniToolBox.exe
2014-11-02 09:16 - 2014-11-02 09:51 - 00002356 _____ () C:\Users\Fred\Desktop\FSS.txt
2014-11-02 09:15 - 2014-11-02 08:55 - 00415232 ____N (Farbar) C:\Users\Fred\Desktop\FSS.exe
2014-11-02 09:08 - 2014-11-02 09:08 - 00001505 _____ () C:\Users\Fred\Desktop\checkup.txt
2014-11-02 08:50 - 2014-11-02 08:48 - 00854448 ____N () C:\Users\Fred\Desktop\SecurityCheck.exe
2014-11-01 15:34 - 2014-11-01 15:34 - 00001094 _____ () C:\Users\Fred\Desktop\AdwCleaner[S1].txt
2014-11-01 15:29 - 2014-11-01 15:29 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\50846567.sys
2014-10-29 19:53 - 2014-10-29 19:53 - 00023014 _____ () C:\swissarmy.ref
2014-10-29 19:53 - 2014-10-29 19:53 - 00000314 _____ () C:\actions.ref
2014-10-29 19:11 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-29 19:11 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-29 19:11 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-29 19:11 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-29 19:11 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-29 19:11 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-29 19:11 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-29 19:11 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-29 19:11 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-29 19:11 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-29 19:11 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-29 19:11 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-29 19:11 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-29 19:11 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-29 19:11 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-29 19:11 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-29 19:11 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-29 19:11 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-29 19:11 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-29 19:11 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-29 19:11 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-29 19:11 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-29 19:11 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-29 19:11 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-29 19:11 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-29 19:11 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-29 19:11 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-29 19:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-29 19:11 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-29 19:11 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-29 19:11 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-29 19:11 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-29 19:11 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-29 19:11 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-29 19:11 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 19:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-29 19:11 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-29 19:11 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-29 19:11 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-29 19:11 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-29 19:11 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-29 19:11 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-29 19:11 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-29 19:11 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-29 19:11 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-29 19:11 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-29 19:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-29 19:11 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-29 19:11 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-29 19:11 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-29 18:28 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-29 18:25 - 2014-11-01 15:31 - 00000000 ____D () C:\AdwCleaner
2014-10-29 18:18 - 2014-11-02 16:15 - 02114560 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe
2014-10-29 18:08 - 2014-11-02 17:47 - 00000000 ____D () C:\FRST
2014-10-29 18:01 - 2014-10-29 18:01 - 01087888 _____ () C:\Users\Fred\Downloads\FRST.exe
2014-10-27 14:38 - 2014-10-27 14:38 - 00001632 _____ () C:\Users\Fred\Downloads\Ethical Issues and Other Tips.html.zip
2014-10-27 14:37 - 2014-10-27 14:37 - 00000980 _____ () C:\Users\Fred\Downloads\Demographic Questions.html.zip
2014-10-27 14:36 - 2014-10-27 14:36 - 00001522 _____ () C:\Users\Fred\Downloads\Creating Composite Measures.html.zip
2014-10-27 14:34 - 2014-10-27 14:34 - 00001033 _____ () C:\Users\Fred\Downloads\Filters & Skips.html.zip
2014-10-27 14:33 - 2014-10-27 14:33 - 00001119 _____ () C:\Users\Fred\Downloads\Likert Question Scales.html.zip
2014-10-27 14:25 - 2014-10-27 14:25 - 00134689 _____ () C:\Users\Fred\Downloads\Writing Survey Questions.html.zip
2014-10-27 14:23 - 2014-10-27 14:23 - 00185352 _____ () C:\Users\Fred\Downloads\Basic Development Tips.html.zip
2014-10-27 14:17 - 2014-10-27 14:17 - 00002305 _____ () C:\Users\Fred\Downloads\Purposes & Features of Survey Research.html.zip
2014-10-25 12:48 - 2014-10-25 12:48 - 01685576 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip (2).exe
2014-10-25 12:46 - 2014-10-25 12:46 - 01662216 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip (1).exe
2014-10-25 12:45 - 2014-10-25 12:45 - 01665136 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip.exe
2014-10-23 23:34 - 2014-10-23 23:34 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-10-23 22:54 - 2014-10-23 22:54 - 01466056 _____ () C:\Users\Fred\Desktop\memtest86-iso-6.0b1.zip
2014-10-23 15:14 - 2014-10-23 15:14 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-10-23 15:05 - 2014-10-23 15:05 - 00002207 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00002193 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00002181 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-23 15:05 - 2014-07-16 09:24 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-23 15:05 - 2014-07-16 09:24 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-23 15:05 - 2014-07-16 09:24 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-10-23 15:04 - 2014-10-23 15:04 - 00000000 ____D () C:\Users\Fred\AppData\Local\TuneUp Software
2014-10-23 15:03 - 2014-10-23 15:05 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-10-23 15:01 - 2014-10-23 15:13 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-23 15:01 - 2014-10-23 15:07 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-23 08:32 - 2014-10-23 08:32 - 00000000 _____ () C:\Users\Fred\Downloads\install_flashplayer15x32ax_chrd_dn_awa_aih.exe.izbp9hg.partial
2014-10-23 08:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-23 08:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-23 08:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-23 07:45 - 2014-11-02 17:22 - 00000000 ____D () C:\Qoobox
2014-10-23 07:45 - 2014-10-23 08:25 - 00000000 ____D () C:\Windows\erdnt
2014-10-23 07:18 - 2014-11-02 17:10 - 00476542 _____ () C:\Windows\PFRO.log
2014-10-23 06:59 - 2014-10-23 06:59 - 19828376 ____N (Malwarebytes Corporation ) C:\Users\Fred\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 15:02 - 2014-11-02 17:11 - 00001648 _____ () C:\Windows\setupact.log
2014-10-22 15:02 - 2014-10-22 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-21 23:45 - 2014-10-21 23:45 - 00008028 _____ () C:\Users\Fred\Documents\startup.txt
2014-10-21 23:31 - 2014-10-21 07:23 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.20141022-003134.backup
2014-10-21 23:23 - 2014-10-21 23:45 - 00002966 _____ () C:\Windows\System32\Tasks\{291BE3C8-0828-4AA3-A998-904FF980789F}
2014-10-21 23:23 - 2014-10-21 23:23 - 00002964 _____ () C:\Windows\System32\Tasks\{CCEFC72D-4B77-4B8B-89A0-4B39441F57B7}
2014-10-21 23:23 - 2014-10-21 23:23 - 00002964 _____ () C:\Windows\System32\Tasks\{3A31DB3C-9F56-45CC-AD77-90E763AE6A55}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{F0B8D192-823A-4D16-AB6A-14CB3D8E76BA}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{C5E446D0-D18E-49CF-92BE-11E42D8C9001}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{8C4E2CD9-DE95-46AD-B980-2DD886852CF4}
2014-10-21 23:20 - 2014-10-23 15:00 - 28369720 ____N (TuneUp Software) C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe
2014-10-21 21:22 - 2014-10-21 21:22 - 00003904 _____ () C:\Users\Fred\Desktop\reset.bat
2014-10-15 02:38 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 02:38 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 02:38 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 02:38 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 02:38 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 02:38 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 02:38 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 02:38 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 02:38 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 02:38 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 02:38 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 02:38 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 02:38 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 02:38 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 02:38 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 02:38 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 02:38 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 02:38 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 02:38 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 02:38 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 02:38 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 02:38 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 02:38 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 02:38 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 02:38 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 02:38 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:33 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:33 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:33 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 02:33 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 02:33 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:33 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 01:47 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:42 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:42 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:42 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:37 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 01:37 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 01:37 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:37 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:32 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:32 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 17:21 - 2014-10-14 17:21 - 06373976 _____ () C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (2).exe
2014-10-14 17:18 - 2014-10-14 17:21 - 06353536 _____ () C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (1).exe
2014-10-14 17:11 - 2014-10-14 17:11 - 00002992 _____ () C:\Windows\System32\Tasks\{DE64953D-43C2-4BB0-A5D0-AB14505B4169}
2014-10-14 17:11 - 2014-10-14 17:11 - 00002992 _____ () C:\Windows\System32\Tasks\{B607F179-5654-4494-9568-FFA12E537BBD}
2014-10-14 17:10 - 2014-10-14 17:10 - 00002992 _____ () C:\Windows\System32\Tasks\{A997AC0B-19AB-44CD-B0F8-B52746C1DBCB}
2014-10-14 17:10 - 2014-10-14 17:10 - 00002992 _____ () C:\Windows\System32\Tasks\{A547A810-D8A8-40D1-9FC0-C372AC29DE98}
2014-10-14 17:04 - 2014-10-14 17:06 - 06336016 _____ (Fitbit Inc.) C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe
2014-10-14 15:16 - 2014-10-14 15:16 - 00035898 _____ () C:\Users\Fred\Downloads\Criminology Mid-Term.odt
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-08 22:15 - 2014-10-08 22:15 - 00000000 ____D () C:\Users\Fred\AppData\Local\Juniper Networks
2014-10-08 22:07 - 2014-10-23 07:21 - 00000000 ____D () C:\Users\Fred\AppData\Local\LogMeIn Rescue Applet
2014-10-08 20:53 - 2014-10-08 21:03 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-10-07 18:00 - 2014-10-07 18:00 - 00003164 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-10-05 22:15 - 2014-10-05 22:15 - 00001029 _____ () C:\Users\Fred\Desktop\Free Window Registry Repair.lnk
2014-10-05 22:14 - 2014-10-05 22:14 - 00000000 _____ () C:\Users\Fred\Downloads\ccsetup418.exe.tr4c49m.partial
2014-10-05 22:13 - 2014-10-05 22:13 - 00000000 _____ () C:\Users\Fred\Downloads\spsetup126.exe.jgv141a.partial
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 17:28 - 2014-03-23 11:55 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA.job
2014-11-02 17:27 - 2014-10-01 19:40 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SwannPC-Fred SwannPC
2014-11-02 17:23 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 17:23 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 17:20 - 2009-07-14 00:13 - 00798342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 17:16 - 2013-10-24 16:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-02 17:15 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-02 17:13 - 2013-10-30 20:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-02 17:13 - 2012-05-20 10:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 17:13 - 2011-11-04 13:54 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-02 17:13 - 2011-11-04 13:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-02 17:13 - 2011-11-04 13:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-02 17:12 - 2011-11-04 13:22 - 00000000 ____D () C:\Temp
2014-11-02 17:11 - 2011-11-27 17:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 17:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 17:10 - 2011-11-04 14:55 - 01092393 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 16:54 - 2011-11-27 17:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 14:04 - 2012-02-22 23:29 - 00000000 ___RD () C:\Users\Fred\Dropbox
2014-11-02 14:04 - 2012-02-22 23:24 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Dropbox
2014-11-02 14:01 - 2012-12-20 09:24 - 00000000 ___RD () C:\Users\Fred\Google Drive
2014-11-02 14:01 - 2012-09-13 18:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-02 12:49 - 2012-06-20 09:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E87F7EB1-13F8-49F6-9245-8EC980D00492}
2014-11-02 02:00 - 2014-08-20 16:36 - 00000000 ____D () C:\Users\Fred\AppData\Local\Adobe
2014-11-01 21:11 - 2012-09-13 09:41 - 00000000 ____D () C:\Users\Fred\AppData\Local\CrashDumps
2014-11-01 20:30 - 2014-03-23 11:55 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core.job
2014-11-01 17:12 - 2011-11-28 16:26 - 00002068 ____H () C:\Users\Fred\Documents\Default.rdp
2014-11-01 17:09 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-31 18:00 - 2012-08-23 10:06 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-30 17:17 - 2013-10-17 14:27 - 00000000 ____D () C:\Users\Fred\Desktop\Desktop Icons
2014-10-30 17:17 - 2013-06-23 10:09 - 00000000 ____D () C:\Users\Fred\Desktop\Apps & Icons
2014-10-29 23:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 20:12 - 2014-05-02 23:20 - 00000000 ___RD () C:\Users\Fred\Desktop\Camera Uploads
2014-10-29 20:05 - 2012-03-03 18:30 - 00000000 ____D () C:\Users\Fred\AppData\Local\Unity
2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 13:24 - 2014-07-04 12:56 - 00000000 ____D () C:\Warcraft III
2014-10-23 15:14 - 2013-01-02 23:35 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-10-23 15:14 - 2013-01-02 23:35 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-10-23 15:14 - 2013-01-02 19:20 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-10-23 15:14 - 2012-12-25 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
2014-10-23 15:13 - 2013-05-06 16:07 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\HpUpdate
2014-10-23 15:13 - 2013-01-02 23:30 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-10-23 15:13 - 2012-12-25 09:16 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Polaroid Instant Memories
2014-10-23 15:13 - 2012-09-12 15:44 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2012
2014-10-23 15:13 - 2012-08-13 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 7
2014-10-23 15:13 - 2012-02-06 20:08 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-10-23 15:11 - 2014-07-29 10:35 - 00001463 _____ () C:\Users\Fred\Desktop\Swann-Birth Certificate GC&SU - Shortcut.lnk
2014-10-23 15:04 - 2013-01-02 10:53 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\TuneUp Software
2014-10-23 08:28 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-10-23 07:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-10-23 07:16 - 2013-09-04 07:06 - 00000000 ____D () C:\Users\Fred\AppData\Local\CRE
2014-10-23 07:00 - 2013-09-10 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 23:44 - 2013-12-27 22:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-21 22:38 - 2012-10-22 16:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-21 21:52 - 2014-06-18 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-21 20:41 - 2013-07-28 08:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 20:36 - 2011-11-12 01:09 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-19 07:49 - 2011-11-27 17:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 07:49 - 2011-11-27 17:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 20:23 - 2014-03-23 11:55 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA
2014-10-17 20:23 - 2014-03-23 11:55 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core
2014-10-16 02:27 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-15 02:24 - 2009-07-13 23:45 - 05110464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:18 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 07:31 - 2011-11-09 14:40 - 00000000 ____D () C:\Users\Fred\AppData\Local\Nero
2014-10-12 11:59 - 2012-02-22 23:29 - 00000000 ____D () C:\Users\Fred\Desktop\Photos
2014-10-10 19:21 - 2011-11-09 14:26 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Adobe
2014-10-08 22:45 - 2012-12-18 18:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 20:57 - 2012-05-20 10:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-08 20:57 - 2012-05-20 10:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-08 20:57 - 2011-11-04 13:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-08 20:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\CatRoot2_2014108214951
2014-10-08 13:42 - 2011-11-11 02:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 22:34 - 2014-05-12 13:46 - 00000000 ____D () C:\Users\TEMP
2014-10-05 22:32 - 2011-11-09 14:32 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\uTorrent
2014-10-05 22:15 - 2013-02-04 08:54 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2014-10-05 22:03 - 2012-09-07 14:48 - 00000000 ____D () C:\Program Files (x86)\Norton PC Checkup 3.0
 
ZeroAccess:
C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-25 23:57
 
==================== End Of Log ============================


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 03 November 2014 - 04:02 AM

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.82KB   5 downloads


Step 2

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • Click in the following update-screen "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.


Step 3


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Fredlo

Fredlo
  • Topic Starter

  • Members
  • 12 posts

Posted 03 November 2014 - 04:00 PM

I accidentally ran the fixlist for FRST without admin privileges. I then ran it again as an admin, so the log will look strange. Sorry if that messes up the repair process.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Fred at 2014-11-03 06:54:23 Run:2
Running from C:\Users\Fred\Desktop
Loaded Profiles: Fred &  (Available profiles: Fred)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-693924070-473334787-738800383-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}
 
*****************
 
"HKCU\SOFTWARE\Policies\Google" => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
"HKU\S-1-5-21-693924070-473334787-738800383-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}" => Key not found.
"HKCR\Wow6432Node\CLSID\{f5827716-9540-492e-9e9a-9f18bb2e7912}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD292841-3B1A-4ACF-8E83-6E3C87EB8519}" => Key not found.
"HKCR\CLSID\{AD292841-3B1A-4ACF-8E83-6E3C87EB8519}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE478A19-3A44-4637-B00A-E53F38CE0B8A}" => Key not found.
"HKCR\CLSID\{DE478A19-3A44-4637-B00A-E53F38CE0B8A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}" => Key not found.
"HKCR\CLSID\{f5827716-9540-492e-9e9a-9f18bb2e7912}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKCR\PROTOCOLS\Handler\cozi" => Key not found.
"HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key not found.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@PackageTracer_69.com/Plugin" => Key not found.
"C:\Users\Fred\AppData\Local\{756e6507-b2e7-ea72-16d5-a2b920c9e36d}" => File/Directory not found.
 
==== End of Fixlog ====
 
Emsisoft Emergency Kit - Version 9.0
Last update: 11/3/2014 7:00:00 AM
User account: SwannPC\Fred
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/3/2014 7:00:34 AM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair detected: Application.AdStart (A)
C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\free window registry repair detected: Application.AdStart (A)
C:\Users\Fred\AppData\Local\cre detected: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\Users\Fred\Downloads\cbsidlm-tr1_10a-Free_Window_Registry_Repair-SEO-10606555.exe detected: Application.InstallAd (A)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Fred (administrator) on SWANNPC on 03-11-2014 15:58:41
Running from C:\Users\Fred\Desktop
Loaded Profile: Fred (Available profiles: Fred)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices) C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe.bak
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Emsisoft GmbH) C:\EEK\bin\a2emergencykit.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Juniper Networks, Inc.) C:\Users\Fred\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [204048 2012-09-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1300672 2012-09-12] (Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-02-06] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432 2013-11-14] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [GoogleChromeAutoLaunch_A4965B78819F71963FB87671E75564A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-693924070-473334787-738800383-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {6C4E566F-CB3A-4345-8ECB-9ABFF6C7EE42} URL = http://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://viper.private.geico.com/dana-cached/sc/JuniperSetupClient.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{51ABF2FF-E5A5-4CC5-9BDC-79C071D0152C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9F68D0DB-E686-46FF-81E8-D05635602215}: [NameServer] 10.248.56.36,10.248.56.35
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @rsa.com/WebID -> C:\Program Files (x86)\RSA SecurID Software Token\npsdclnt4.dll (RSA Security Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\Fred\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Fred\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (Google Cast) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-04]
CHR Extension: (Avast Online Security) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Fred\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-15] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9177 2012-01-06] () [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [126392 2011-09-29] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-03] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-07-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-07-10] (BitDefender LLC)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-03] (Emsisoft GmbH)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-10-28] (Juniper Networks)
S4 jnprTdi_801_41197; C:\Windows\system32\Drivers\jnprTdi_801_41197.sys [108336 2013-11-14] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-28] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2012-02-07] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2012-09-12] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2012-09-12] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2012-09-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-09-12] (Trend Micro Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-03 06:58 - 2014-11-03 06:58 - 00000745 _____ () C:\Users\Fred\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-03 06:58 - 2014-11-03 06:58 - 00000000 ____D () C:\EEK
2014-11-03 06:57 - 2014-11-03 06:57 - 154930968 _____ () C:\EmsisoftEmergencyKit.exe
2014-11-02 17:46 - 2014-11-02 17:46 - 00053606 _____ () C:\Users\Fred\Desktop\HitmanPro_20141102_1746.log
2014-11-02 17:37 - 2014-11-02 17:37 - 11222744 ____N (SurfRight B.V.) C:\Users\Fred\Desktop\HitmanPro_x64.exe
2014-11-02 17:36 - 2014-11-02 17:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-02 17:22 - 2014-11-02 17:22 - 00044556 _____ () C:\ComboFix.txt
2014-11-02 16:31 - 2014-10-23 07:38 - 05584933 ____R (Swearware) C:\Users\Fred\Desktop\ComboFix.exe
2014-11-02 16:17 - 2014-11-02 16:18 - 00051426 _____ () C:\Users\Fred\Desktop\Addition.txt
2014-11-02 16:16 - 2014-11-03 15:58 - 00028648 _____ () C:\Users\Fred\Desktop\FRST.txt
2014-11-02 16:15 - 2014-11-02 16:15 - 00000000 ____D () C:\Users\Fred\Desktop\FRST-OlderVersion
2014-11-02 14:46 - 2014-11-02 14:47 - 00014077 _____ () C:\Users\Fred\Desktop\attach.txt
2014-11-02 14:46 - 2014-11-02 14:45 - 00034592 _____ () C:\Users\Fred\Desktop\dds.txt
2014-11-02 14:39 - 2014-11-02 14:40 - 00688992 ____R (Swearware) C:\Users\Fred\Downloads\dds.com
2014-11-02 14:16 - 2014-11-02 14:15 - 01754248 ____N () C:\Users\Fred\Desktop\Adaware_Installer.exe
2014-11-02 12:57 - 2014-11-02 13:06 - 00002694 _____ () C:\Users\Fred\Desktop\Rkill.txt
2014-11-02 12:46 - 2014-11-02 12:08 - 01944824 ____N (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe
2014-11-02 12:16 - 2014-11-02 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 12:06 - 2014-11-02 12:46 - 00000000 ____D () C:\Users\Fred\Desktop\mbar
2014-11-02 12:05 - 2014-11-02 11:22 - 14349744 ____N (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe
2014-11-02 10:14 - 2014-11-02 15:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 10:12 - 2014-11-02 12:06 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 10:12 - 2014-11-02 10:12 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 10:12 - 2014-11-02 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 10:12 - 2014-11-02 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 10:12 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 10:12 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 10:04 - 2014-11-02 10:05 - 00045469 _____ () C:\Users\Fred\Desktop\Result.txt
2014-11-02 09:57 - 2014-11-02 08:57 - 00401920 ____N (Farbar) C:\Users\Fred\Desktop\MiniToolBox.exe
2014-11-02 09:16 - 2014-11-02 09:51 - 00002356 _____ () C:\Users\Fred\Desktop\FSS.txt
2014-11-02 09:15 - 2014-11-02 08:55 - 00415232 ____N (Farbar) C:\Users\Fred\Desktop\FSS.exe
2014-11-02 09:08 - 2014-11-02 09:08 - 00001505 _____ () C:\Users\Fred\Desktop\checkup.txt
2014-11-02 08:50 - 2014-11-02 08:48 - 00854448 ____N () C:\Users\Fred\Desktop\SecurityCheck.exe
2014-11-01 15:34 - 2014-11-01 15:34 - 00001094 _____ () C:\Users\Fred\Desktop\AdwCleaner[S1].txt
2014-11-01 15:29 - 2014-11-01 15:29 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\50846567.sys
2014-10-29 19:53 - 2014-10-29 19:53 - 00023014 _____ () C:\swissarmy.ref
2014-10-29 19:53 - 2014-10-29 19:53 - 00000314 _____ () C:\actions.ref
2014-10-29 19:11 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-29 19:11 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-29 19:11 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-29 19:11 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-29 19:11 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-29 19:11 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-29 19:11 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-29 19:11 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-29 19:11 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-29 19:11 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-29 19:11 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-29 19:11 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-29 19:11 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-29 19:11 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-29 19:11 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-29 19:11 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-29 19:11 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-29 19:11 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-29 19:11 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-29 19:11 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-29 19:11 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-29 19:11 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-29 19:11 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-29 19:11 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-29 19:11 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-29 19:11 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-29 19:11 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-29 19:11 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-29 19:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-29 19:11 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-29 19:11 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-29 19:11 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-29 19:11 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-29 19:11 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-29 19:11 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-29 19:11 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-29 19:11 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 19:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-29 19:11 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-29 19:11 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-29 19:11 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-29 19:11 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-29 19:11 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-29 19:11 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-29 19:11 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-29 19:11 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-29 19:11 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-29 19:11 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-29 19:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-29 19:11 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-29 19:11 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-29 19:11 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-29 18:28 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-29 18:25 - 2014-11-01 15:31 - 00000000 ____D () C:\AdwCleaner
2014-10-29 18:18 - 2014-11-02 16:15 - 02114560 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe
2014-10-29 18:08 - 2014-11-03 15:58 - 00000000 ____D () C:\FRST
2014-10-29 18:01 - 2014-10-29 18:01 - 01087888 _____ () C:\Users\Fred\Downloads\FRST.exe
2014-10-27 14:38 - 2014-10-27 14:38 - 00001632 _____ () C:\Users\Fred\Downloads\Ethical Issues and Other Tips.html.zip
2014-10-27 14:37 - 2014-10-27 14:37 - 00000980 _____ () C:\Users\Fred\Downloads\Demographic Questions.html.zip
2014-10-27 14:36 - 2014-10-27 14:36 - 00001522 _____ () C:\Users\Fred\Downloads\Creating Composite Measures.html.zip
2014-10-27 14:34 - 2014-10-27 14:34 - 00001033 _____ () C:\Users\Fred\Downloads\Filters & Skips.html.zip
2014-10-27 14:33 - 2014-10-27 14:33 - 00001119 _____ () C:\Users\Fred\Downloads\Likert Question Scales.html.zip
2014-10-27 14:25 - 2014-10-27 14:25 - 00134689 _____ () C:\Users\Fred\Downloads\Writing Survey Questions.html.zip
2014-10-27 14:23 - 2014-10-27 14:23 - 00185352 _____ () C:\Users\Fred\Downloads\Basic Development Tips.html.zip
2014-10-27 14:17 - 2014-10-27 14:17 - 00002305 _____ () C:\Users\Fred\Downloads\Purposes & Features of Survey Research.html.zip
2014-10-25 12:48 - 2014-10-25 12:48 - 01685576 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip (2).exe
2014-10-25 12:46 - 2014-10-25 12:46 - 01662216 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip (1).exe
2014-10-25 12:45 - 2014-10-25 12:45 - 01665136 _____ () C:\Users\Fred\Downloads\456091_intl_x64_zip.exe
2014-10-23 23:34 - 2014-10-23 23:34 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-10-23 22:54 - 2014-10-23 22:54 - 01466056 _____ () C:\Users\Fred\Desktop\memtest86-iso-6.0b1.zip
2014-10-23 15:14 - 2014-10-23 15:14 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-10-23 15:05 - 2014-10-23 15:05 - 00002207 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00002193 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00002181 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-10-23 15:05 - 2014-10-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-23 15:05 - 2014-07-16 09:24 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-23 15:05 - 2014-07-16 09:24 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-23 15:05 - 2014-07-16 09:24 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-10-23 15:04 - 2014-10-23 15:04 - 00000000 ____D () C:\Users\Fred\AppData\Local\TuneUp Software
2014-10-23 15:03 - 2014-10-23 15:05 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-10-23 15:01 - 2014-10-23 15:13 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-23 15:01 - 2014-10-23 15:07 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-23 08:32 - 2014-10-23 08:32 - 00000000 _____ () C:\Users\Fred\Downloads\install_flashplayer15x32ax_chrd_dn_awa_aih.exe.izbp9hg.partial
2014-10-23 08:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-23 08:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-23 08:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-23 08:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-23 07:45 - 2014-11-02 17:22 - 00000000 ____D () C:\Qoobox
2014-10-23 07:45 - 2014-10-23 08:25 - 00000000 ____D () C:\Windows\erdnt
2014-10-23 07:18 - 2014-11-02 17:10 - 00476542 _____ () C:\Windows\PFRO.log
2014-10-23 06:59 - 2014-10-23 06:59 - 19828376 ____N (Malwarebytes Corporation ) C:\Users\Fred\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 15:02 - 2014-11-02 17:11 - 00001648 _____ () C:\Windows\setupact.log
2014-10-22 15:02 - 2014-10-22 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-21 23:45 - 2014-10-21 23:45 - 00008028 _____ () C:\Users\Fred\Documents\startup.txt
2014-10-21 23:31 - 2014-10-21 07:23 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.20141022-003134.backup
2014-10-21 23:23 - 2014-10-21 23:45 - 00002966 _____ () C:\Windows\System32\Tasks\{291BE3C8-0828-4AA3-A998-904FF980789F}
2014-10-21 23:23 - 2014-10-21 23:23 - 00002964 _____ () C:\Windows\System32\Tasks\{CCEFC72D-4B77-4B8B-89A0-4B39441F57B7}
2014-10-21 23:23 - 2014-10-21 23:23 - 00002964 _____ () C:\Windows\System32\Tasks\{3A31DB3C-9F56-45CC-AD77-90E763AE6A55}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{F0B8D192-823A-4D16-AB6A-14CB3D8E76BA}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{C5E446D0-D18E-49CF-92BE-11E42D8C9001}
2014-10-21 23:22 - 2014-10-21 23:22 - 00002964 _____ () C:\Windows\System32\Tasks\{8C4E2CD9-DE95-46AD-B980-2DD886852CF4}
2014-10-21 23:20 - 2014-10-23 15:00 - 28369720 ____N (TuneUp Software) C:\Users\Fred\Desktop\TuneUpUtilities2014_en-US.exe
2014-10-21 21:22 - 2014-10-21 21:22 - 00003904 _____ () C:\Users\Fred\Desktop\reset.bat
2014-10-15 02:38 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 02:38 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 02:38 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 02:38 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 02:38 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 02:38 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 02:38 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 02:38 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 02:38 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 02:38 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 02:38 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 02:38 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 02:38 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 02:38 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 02:38 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 02:38 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 02:38 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 02:38 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 02:38 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 02:38 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 02:38 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 02:38 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 02:38 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 02:38 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 02:38 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 02:38 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 02:38 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 02:38 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 02:38 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 02:38 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 02:38 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:33 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:33 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:33 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:33 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 02:33 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 02:33 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 02:33 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:33 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 01:47 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:42 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:42 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:42 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:37 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 01:37 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 01:37 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:37 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:32 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:32 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 17:21 - 2014-10-14 17:21 - 06373976 _____ () C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (2).exe
2014-10-14 17:18 - 2014-10-14 17:21 - 06353536 _____ () C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511 (1).exe
2014-10-14 17:11 - 2014-10-14 17:11 - 00002992 _____ () C:\Windows\System32\Tasks\{DE64953D-43C2-4BB0-A5D0-AB14505B4169}
2014-10-14 17:11 - 2014-10-14 17:11 - 00002992 _____ () C:\Windows\System32\Tasks\{B607F179-5654-4494-9568-FFA12E537BBD}
2014-10-14 17:10 - 2014-10-14 17:10 - 00002992 _____ () C:\Windows\System32\Tasks\{A997AC0B-19AB-44CD-B0F8-B52746C1DBCB}
2014-10-14 17:10 - 2014-10-14 17:10 - 00002992 _____ () C:\Windows\System32\Tasks\{A547A810-D8A8-40D1-9FC0-C372AC29DE98}
2014-10-14 17:04 - 2014-10-14 17:06 - 06336016 _____ (Fitbit Inc.) C:\Users\Fred\Downloads\FitbitConnect_Win_20140519_1.0.3.5511.exe
2014-10-14 15:16 - 2014-10-14 15:16 - 00035898 _____ () C:\Users\Fred\Downloads\Criminology Mid-Term.odt
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-08 22:34 - 2014-10-08 22:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-08 22:15 - 2014-10-08 22:15 - 00000000 ____D () C:\Users\Fred\AppData\Local\Juniper Networks
2014-10-08 22:07 - 2014-10-23 07:21 - 00000000 ____D () C:\Users\Fred\AppData\Local\LogMeIn Rescue Applet
2014-10-08 20:53 - 2014-10-08 21:03 - 00000000 ____D () C:\Windows\system32\CatRoot2.old
2014-10-07 18:00 - 2014-10-07 18:00 - 00003164 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-10-05 22:15 - 2014-10-05 22:15 - 00001029 _____ () C:\Users\Fred\Desktop\Free Window Registry Repair.lnk
2014-10-05 22:14 - 2014-10-05 22:14 - 00000000 _____ () C:\Users\Fred\Downloads\ccsetup418.exe.tr4c49m.partial
2014-10-05 22:13 - 2014-10-05 22:13 - 00000000 _____ () C:\Users\Fred\Downloads\spsetup126.exe.jgv141a.partial
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-03 15:54 - 2014-10-01 19:40 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SwannPC-Fred SwannPC
2014-11-03 15:54 - 2011-11-27 17:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 15:53 - 2012-06-20 09:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E87F7EB1-13F8-49F6-9245-8EC980D00492}
2014-11-03 15:28 - 2014-03-23 11:55 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA.job
2014-11-03 15:12 - 2012-05-20 10:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 10:05 - 2013-05-06 16:07 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\HpUpdate
2014-11-03 08:54 - 2011-11-27 17:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 03:00 - 2011-11-04 14:55 - 01107603 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 02:00 - 2014-08-20 16:36 - 00000000 ____D () C:\Users\Fred\AppData\Local\Adobe
2014-11-02 21:28 - 2014-03-23 11:55 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core.job
2014-11-02 17:23 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 17:23 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 17:20 - 2009-07-14 00:13 - 00798342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 17:16 - 2013-10-24 16:26 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-02 17:15 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-02 17:13 - 2013-10-30 20:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-02 17:13 - 2011-11-04 13:54 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-02 17:13 - 2011-11-04 13:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-02 17:13 - 2011-11-04 13:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-02 17:12 - 2011-11-04 13:22 - 00000000 ____D () C:\Temp
2014-11-02 17:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 14:04 - 2012-02-22 23:29 - 00000000 ___RD () C:\Users\Fred\Dropbox
2014-11-02 14:04 - 2012-02-22 23:24 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Dropbox
2014-11-02 14:01 - 2012-12-20 09:24 - 00000000 ___RD () C:\Users\Fred\Google Drive
2014-11-02 14:01 - 2012-09-13 18:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-01 21:11 - 2012-09-13 09:41 - 00000000 ____D () C:\Users\Fred\AppData\Local\CrashDumps
2014-11-01 17:12 - 2011-11-28 16:26 - 00002068 ____H () C:\Users\Fred\Documents\Default.rdp
2014-11-01 17:09 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-31 18:00 - 2012-08-23 10:06 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-30 17:17 - 2013-10-17 14:27 - 00000000 ____D () C:\Users\Fred\Desktop\Desktop Icons
2014-10-30 17:17 - 2013-06-23 10:09 - 00000000 ____D () C:\Users\Fred\Desktop\Apps & Icons
2014-10-29 23:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 20:12 - 2014-05-02 23:20 - 00000000 ___RD () C:\Users\Fred\Desktop\Camera Uploads
2014-10-29 20:05 - 2012-03-03 18:30 - 00000000 ____D () C:\Users\Fred\AppData\Local\Unity
2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 13:24 - 2014-07-04 12:56 - 00000000 ____D () C:\Warcraft III
2014-10-23 15:14 - 2013-01-02 23:35 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-10-23 15:14 - 2013-01-02 23:35 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-10-23 15:14 - 2013-01-02 19:20 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-10-23 15:14 - 2012-12-25 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
2014-10-23 15:13 - 2013-01-02 23:30 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-10-23 15:13 - 2012-12-25 09:16 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Polaroid Instant Memories
2014-10-23 15:13 - 2012-09-12 15:44 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2012
2014-10-23 15:13 - 2012-08-13 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 7
2014-10-23 15:13 - 2012-02-06 20:08 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-10-23 15:11 - 2014-07-29 10:35 - 00001463 _____ () C:\Users\Fred\Desktop\Swann-Birth Certificate GC&SU - Shortcut.lnk
2014-10-23 15:04 - 2013-01-02 10:53 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\TuneUp Software
2014-10-23 08:28 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-10-23 07:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-10-23 07:16 - 2013-09-04 07:06 - 00000000 ____D () C:\Users\Fred\AppData\Local\CRE
2014-10-23 07:00 - 2013-09-10 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 23:44 - 2013-12-27 22:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-21 22:38 - 2012-10-22 16:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-21 21:52 - 2014-06-18 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-21 20:41 - 2013-07-28 08:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 20:36 - 2011-11-12 01:09 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-19 07:49 - 2011-11-27 17:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 07:49 - 2011-11-27 17:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 20:23 - 2014-03-23 11:55 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002UA
2014-10-17 20:23 - 2014-03-23 11:55 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-693924070-473334787-738800383-1002Core
2014-10-16 02:27 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 02:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-15 02:24 - 2009-07-13 23:45 - 05110464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:18 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 07:31 - 2011-11-09 14:40 - 00000000 ____D () C:\Users\Fred\AppData\Local\Nero
2014-10-12 11:59 - 2012-02-22 23:29 - 00000000 ____D () C:\Users\Fred\Desktop\Photos
2014-10-10 19:21 - 2011-11-09 14:26 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Adobe
2014-10-08 22:45 - 2012-12-18 18:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 20:57 - 2012-05-20 10:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-08 20:57 - 2012-05-20 10:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-08 20:57 - 2011-11-04 13:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-08 20:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\CatRoot2_2014108214951
2014-10-08 13:42 - 2011-11-11 02:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 22:34 - 2014-05-12 13:46 - 00000000 ____D () C:\Users\TEMP
2014-10-05 22:32 - 2011-11-09 14:32 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\uTorrent
2014-10-05 22:15 - 2013-02-04 08:54 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2014-10-05 22:03 - 2012-09-07 14:48 - 00000000 ____D () C:\Program Files (x86)\Norton PC Checkup 3.0
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-25 23:57
 
==================== End Of Log ============================
 
Scanned 376206
Found 5
 
Scan end: 11/3/2014 10:33:39 AM
Scan time: 3:33:05
 


#10 deeprybka

Posted 03 November 2014 - 04:13 PM

Multiple Anti-Virus-Software warning!

It is inadvisable to have more than one Anti-Virus installed on your computer at the same time. Doing so may:
  • Cause conflicts, negatively impacting the effectiveness of each Anti-Virus installed.
  • Trigger false-positives.
  • Trigger false-negatives, where neither programme detects malware.
  • Cause system instability/performance issues. Your system may lock up or slow down due to both software attempting to access the same file at the same time.

SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.
This is optional, but please consider it.

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka

#11 Fredlo


Posted 03 November 2014 - 04:44 PM

I am having a problem. Like all files, when I download this via my PC, regardless of browser (tried IE and Chrome), I get an error that the file is not a Win32 file. This is confusing, since I have a Win 64 system. When I use my smartphone to download the file, I am able to do so. However, if I try to move the .exe file to the desktop, I get the error "Error Copying File or Folder: The requested resource is in use."

 

I have been having problems downloading files. Also, my mouse is not working properly. The mouse double clicks when I do not intend, and when I attempt to drag and drop, the mouse releases when I do not intend for it to.

 

Could these be related to the Zero Access infection?



#12 deeprybka

Posted 03 November 2014 - 05:03 PM

Could these be related to the Zero Access infection?

 

It is tricky... :)

ZA should be deleted now.

 

Please try to perform the steps as instructed.


regards,
deeprybka

#13 Fredlo


Posted 03 November 2014 - 09:54 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3294791\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.65.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoStage\photostage.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoStage\photostagesetup_v2.17.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Pixillion\pixillion.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v2.59.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prism.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prismsetup_v1.92.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.02.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.40.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\Registry_backups\CLSID_{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}.reg.dat Win32/Poweliks.C trojan
C:\Users\Fred\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3db83733-6eee634a a variant of Java/JShrink.A potentially unsafe application
C:\Users\Fred\Downloads\cbsidlm-tr1_10a-Free_Window_Registry_Repair-SEO-10606555.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Fred\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Fred\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Fred\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Fred\Downloads\Sacred Citadel Complete-PROPHET\ppt-scic.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Windows\Installer\4981021.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


#14 deeprybka

Posted 04 November 2014 - 03:25 AM

Hi,

can you please post the complete ESET-Log?

 

 

A log file is created at [image: logpath.png]
Copy and paste the content of this log file in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?


regards,
deeprybka

#15 Fredlo


Posted 04 November 2014 - 07:32 AM

That folder wasn't created for me. I do not have that file.





