
"Go For Files" -- will NOT remove! I need Combox Fix help please..


16 replies to this topic

#1 IdesofMarc


Posted 21 November 2014 - 07:42 PM

As directed, here are the files from my DDS scan:

 

Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2014 9:36:09 PM
System Uptime: 11/21/2014 3:49:12 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | RAMPAGE IV EXTREME
Processor: Intel® Core™ i7-4930K CPU @ 3.40GHz | LGA2011 | 3094/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 336.382 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1581.642 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 11/4/2014 4:31:14 AM - Windows Update
RP74: 11/7/2014 7:57:37 AM - Windows Update
RP75: 11/10/2014 9:46:18 AM - Installed DirectX
RP76: 11/11/2014 9:13:04 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
RP77: 11/11/2014 9:13:10 AM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
RP78: 11/11/2014 9:14:02 AM - Windows Update
RP79: 11/13/2014 3:00:25 AM - Windows Update
RP80: 11/13/2014 9:12:26 AM - Windows Update
RP81: 11/15/2014 3:59:19 PM - Installed DxO OpticsPro 10
RP82: 11/15/2014 4:02:11 PM - Removed DxO OpticsPro 10 plug-in for Adobe Lightroom
RP83: 11/15/2014 4:02:17 PM - Installed DxO OpticsPro 10 plug-in for Adobe Lightroom
RP84: 11/19/2014 9:39:23 PM - Removed Citrix Online Launcher
RP85: 11/19/2014 9:40:02 PM - Removed DxO Optics Pro 9
RP86: 11/19/2014 9:40:11 PM - Removed DxO Optics Pro 9 plug-in for Adobe Lightroom
RP87: 11/19/2014 9:42:53 PM - 11/19/2014  - prior to registry cleaning
RP88: 11/21/2014 11:02:20 AM - Checkpoint by HitmanPro
RP89: 11/21/2014 11:02:54 AM - Checkpoint by HitmanPro
RP90: 11/21/2014 3:47:03 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrok MTS Converter Ver 2.5.15.416
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Cloud
Adobe Flash Player 15 Plugin
Adobe Help Manager
Adobe Photoshop Lightroom 5.6 64-bit
Adobe Widget Browser
Adobe® Content Viewer
Alien Skin Eye Candy 6
Alien Skin Xenofex 2
Apple Application Support
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASUS Product Register Program
Bitdefender Antivirus Free Edition
bl
Bluetooth Win7 Suite (64)
Canon PRO-100 series Printer Driver
CCleaner
D3DX10
Data Import Utility
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
Defraggler
Dell Display Manager
DxO OpticsPro 10
DxO OpticsPro 10 plug-in for Adobe Lightroom
DxO ViewPoint 2
FileMind QuickFix
FileZilla Client 3.9.0.6
Free Hide Folder
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Intel® Management Engine Components
Intel® Network Connections 17.2.154.0
Intel® Trusted Connect Service Client
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 4 Runtime
Microsoft Camera Codec Pack
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Movie Maker
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Network Activity Indicator for Windows 7
Nik Collection
NVIDIA 3D Vision Controller Driver 344.65
NVIDIA 3D Vision Driver 344.65
NVIDIA Control Panel 344.65
NVIDIA GeForce Experience 2.1.4
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 344.65
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.13.65
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.13.65
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.26
PDF Settings CS6
ph
Photo Common
Photo Gallery
Private Internet Access Support Files
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
SHIELD Wireless Controller Driver
Spyder4Elite
Topaz Adjust 4
Topaz Adjust 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
TransType Pro
Trapcode Suite 64-bit
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VLC media player
Wacom Tablet
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.11 (64-bit)
.
==== End Of File ===========================
 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by aworkofmarc2 at 16:39:47 on 2014-11-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32706.28217 [GMT -8:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\AWORKO~1\AppData\Local\Temp\ocr8075.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\AWORKO~1\AppData\Local\Temp\ocr8999.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files\pia_manager\openvpn.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDI~1.LNK - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{B98DB7B9-58DA-4EF2-8D98-327F5151E3E7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D4AE4FB8-2100-454A-85D3-BD6D4978E5AA} : DHCPNameServer = 209.222.18.222 209.222.18.218
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\
FF - prefs.js: browser.startup.homepage - www.drudgereport.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aworkofmarc2\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2014-9-11 56208]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-9-10 121928]
R1 gzflt;gzflt;C:\windows\System32\drivers\gzflt.sys [2014-9-10 148696]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-19 1148744]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-9-10 69368]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-11-21 127752]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-9-3 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-10 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-10 968504]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-11 70768]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-3 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-3 19819848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-10 410952]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-9-14 648472]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-3-13 280224]
R3 hidkmdf;KMDF Driver;C:\windows\System32\drivers\hidkmdf.sys [2014-9-14 14136]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-9-10 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-9-10 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-9-10 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-3 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-11-10 38216]
R3 Spyder4;Datacolor Spyder4;C:\windows\System32\drivers\dccmtr.sys [2011-7-12 15360]
R3 WacHidRouter;Wacom Hid Router;C:\windows\System32\drivers\wachidrouter.sys [2014-9-14 102200]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\System32\drivers\wacomrouterfilter.sys [2014-9-14 15160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 avckf;avckf;C:\windows\System32\drivers\avckf.sys [2014-9-10 593144]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\windows\System32\drivers\IAMTVE.sys [2014-9-3 43416]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\windows\System32\drivers\IAMTXPE.sys [2014-9-3 51096]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-26 171632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 ioatdma1;ioatdma1;C:\windows\System32\drivers\qd162x64.sys [2014-9-3 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\windows\System32\drivers\qd262x64.sys [2014-9-3 42192]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2014-9-3 452056]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-3-13 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-8-26 805088]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2014-3-13 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-3-13 29696]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-26 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-21 19:03:00    12872    ----a-w-    C:\windows\System32\bootdelete.exe
2014-11-21 19:00:21    --------    d-----w-    C:\Program Files\HitmanPro
2014-11-21 18:57:55    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-21 18:44:16    --------    d-----w-    C:\windows\ERUNT
2014-11-21 18:38:00    --------    d-----w-    C:\AdwCleaner
2014-11-20 00:12:45    --------    d-----w-    C:\Users\aworkofmarc2\AppData\Local\Citrix
2014-11-17 17:53:25    --------    d-sh--w-    C:\Users\aworkofmarc2\AppData\Local\EmieBrowserModeList
2014-11-16 00:00:42    2475352    ----a-w-    C:\windows\System32\D3DX9_42.dll
2014-11-12 17:06:30    2048    ----a-w-    C:\windows\SysWow64\msxml3r.dll
2014-11-11 17:14:10    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{885ECA00-1F44-4B7A-9F44-57EA5E136CAB}\mpengine.dll
2014-11-10 18:05:14    615568    ----a-w-    C:\windows\SysWow64\nvStreaming.exe
2014-11-10 18:05:06    2558792    ----a-w-    C:\windows\System32\nvsvcr.dll
2014-11-10 17:46:25    511328    ----a-w-    C:\windows\System32\d3dx10_43.dll
2014-11-10 17:46:25    470880    ----a-w-    C:\windows\SysWow64\d3dx10_43.dll
2014-11-10 17:46:25    276832    ----a-w-    C:\windows\System32\d3dx11_43.dll
2014-11-10 17:46:25    248672    ----a-w-    C:\windows\SysWow64\d3dx11_43.dll
2014-11-10 17:46:24    2401112    ----a-w-    C:\windows\System32\D3DX9_43.dll
2014-11-10 17:46:24    1998168    ----a-w-    C:\windows\SysWow64\D3DX9_43.dll
2014-11-10 17:46:10    38216    ----a-w-    C:\windows\System32\drivers\nvvad64v.sys
2014-11-10 17:46:10    32584    ----a-w-    C:\windows\SysWow64\nvaudcap32v.dll
2014-11-09 04:03:13    --------    d-----w-    C:\Users\aworkofmarc2\AppData\Local\Metability_Software
2014-11-09 04:02:08    --------    d-----w-    C:\Program Files (x86)\Metability Software
2014-11-05 22:01:13    --------    d-----w-    C:\ProgramData\Alien Skin
2014-11-05 22:00:46    --------    d-----w-    C:\Users\aworkofmarc2\AppData\Local\Alien Skin
.
==================== Find3M  ====================
.
2014-11-22 00:08:33    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-06 17:06:52    2197680    ----a-w-    C:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06:52    1291280    ----a-w-    C:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06:33    2800296    ----a-w-    C:\windows\System32\nvspcap64.dll
2014-11-06 17:06:33    1715224    ----a-w-    C:\windows\System32\nvspbridge64.dll
2014-11-06 04:04:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-03 22:02:42    6882448    ----a-w-    C:\windows\System32\nvcpl.dll
2014-11-03 22:02:41    3531464    ----a-w-    C:\windows\System32\nvsvc64.dll
2014-11-03 22:02:38    935232    ----a-w-    C:\windows\System32\nvvsvc.exe
2014-11-03 22:02:38    61640    ----a-w-    C:\windows\System32\nvshext.dll
2014-11-03 22:02:38    385352    ----a-w-    C:\windows\System32\nvmctray.dll
2014-11-03 11:58:36    4099264    ----a-w-    C:\windows\System32\nvcoproc.bin
2014-11-01 15:49:06    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-01 15:49:06    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-28 13:34:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-11 17:08:58    718840    ----a-w-    C:\windows\System32\drivers\avc3.sys
2014-10-11 17:03:13    176920    ----a-w-    C:\ProgramData\1413046643.bdinstall.bin
2014-10-11 16:58:16    261056    ----a-w-    C:\windows\System32\drivers\avchv.sys
2014-10-11 16:57:23    37628    ----a-w-    C:\ProgramData\1413046642.bdinstall.bin
2014-10-10 00:57:42    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-10-03 19:23:02    35144    ----a-w-    C:\windows\System32\nvaudcap64v.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-10-01 18:11:26    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-10-01 18:11:16    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-20 19:47:18    31232    ----a-w-    C:\windows\System32\drivers\tap0901.sys
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:44    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-09-17 04:51:20    31520    ----a-w-    C:\windows\System32\nvhdap64.dll
2014-09-17 04:51:20    197408    ----a-w-    C:\windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20    1538880    ----a-w-    C:\windows\System32\nvhdagenco6420103.dll
2014-09-13 23:48:03    1876296    ----a-w-    C:\windows\System32\nvdispco6434411.dll
2014-09-13 23:48:03    1539272    ----a-w-    C:\windows\System32\nvdispgenco6434411.dll
2014-09-11 05:45:37    200009    ----a-w-    C:\ProgramData\1410413629.bdinstall.bin
2014-09-11 05:34:09    34665    ----a-w-    C:\ProgramData\1410413644.bdinstall.bin
2014-09-09 22:11:04    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-09-05 02:11:09    6584320    ----a-w-    C:\windows\System32\mstscax.dll
.
============= FINISH: 16:39:59.11 ===============

thank you!!

Edited by IdesofMarc, 21 November 2014 - 08:17 PM.



#2 IdesofMarc

Posted 22 November 2014 - 01:08 AM

Here's the lil bastard that keeps loading when I start Windows.. but doing a search to try and delete it of course gets me nowhere

I will be patient.. and await your reply

taskmgr_gorforfiles.jpg


Edited by IdesofMarc, 22 November 2014 - 01:09 AM.


#3 IdesofMarc

Posted 23 November 2014 - 09:08 PM

I know you're very busy and I respect that --so please don't take this wrong... but is there any way you can give me some indication of when it might be? If it's not this week before Thanksgiving then maybe I should just format Drive C.

Also -- has anyone heard of this new software?

DETEKT
RESIST SURVEILLANCE

https://resistsurveillance.org/

 

It's getting a lot of press. But then again.. it could also be the NSA's latest crafty attempt to install their worms in computers worldwide. Not that I'm under any delusion that they don't already have a back door into any computer they want. Used to be a time when I trusted people. LOL.. now I don't even trust the ones I trust.


Edited by IdesofMarc, 24 November 2014 - 12:00 AM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:39 PM

Posted 26 November 2014 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557156 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 IdesofMarc

Posted 27 November 2014 - 03:12 AM

Issue: Go For Files infected my computer. I ran several different anti-virus / malware programs. Some related files seemed to be quarantined / deleted. However EVERY TIME, without fail, I restart the computer it STILL loads immediately with Windows. Then, when I click THAT window close, it next automatically starts my browser and loads some music to purchase page.

I did every step here hxxp://malwaretips.com/blogs/pup-optional-goforfiles-a-removal/ and STILL every time I restart -- there it is again. I tried a system restore but it apparently has disabled system restore too because I get the error that (paraphrasing here:) 'system restore could not implemented' on reentering Windows.

It appears this is the file as seen in my task manager but search as I have I can not find it.

I do have the Windows DVD.

Please tell me where to send the ATTACH FILE...

The DDS is pasted below

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by aworkofmarc2 at 23:59:48 on 2014-11-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32706.29346 [GMT -8:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\AWORKO~1\AppData\Local\Temp\ocr9F4A.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\AWORKO~1\AppData\Local\Temp\ocrA87E.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDI~1.LNK - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B98DB7B9-58DA-4EF2-8D98-327F5151E3E7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D4AE4FB8-2100-454A-85D3-BD6D4978E5AA} : DHCPNameServer = 209.222.18.222 209.222.18.218
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\
FF - prefs.js: browser.startup.homepage - www.drudgereport.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aworkofmarc2\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2014-9-11 56208]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-9-10 121928]
R1 gzflt;gzflt;C:\windows\System32\drivers\gzflt.sys [2014-9-10 148696]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-19 1148744]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-9-10 69368]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-11-21 127752]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-9-3 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-10 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-10 968504]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-11 70768]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-3 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-3 19819848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-10 410952]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-9-14 648472]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-3-13 280224]
R3 hidkmdf;KMDF Driver;C:\windows\System32\drivers\hidkmdf.sys [2014-9-14 14136]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-9-10 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-9-10 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-9-10 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-3 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-11-10 38216]
R3 Spyder4;Datacolor Spyder4;C:\windows\System32\drivers\dccmtr.sys [2011-7-12 15360]
R3 WacHidRouter;Wacom Hid Router;C:\windows\System32\drivers\wachidrouter.sys [2014-9-14 102200]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\System32\drivers\wacomrouterfilter.sys [2014-9-14 15160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 avckf;avckf;C:\windows\System32\drivers\avckf.sys [2014-9-10 593144]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\windows\System32\drivers\IAMTVE.sys [2014-9-3 43416]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\windows\System32\drivers\IAMTXPE.sys [2014-9-3 51096]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-26 171632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 ioatdma1;ioatdma1;C:\windows\System32\drivers\qd162x64.sys [2014-9-3 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\windows\System32\drivers\qd262x64.sys [2014-9-3 42192]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2014-9-3 452056]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-3-13 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-8-26 805088]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2014-3-13 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-3-13 29696]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-26 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-24 07:03:38    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A7F9CBC-67C4-4DED-A4ED-2EF71D2B1841}\mpengine.dll
2014-11-24 07:03:14    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-11-24 07:03:14    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-11-24 07:03:14    241152    ----a-w-    C:\windows\System32\pku2u.dll
2014-11-24 07:03:14    186880    ----a-w-    C:\windows\SysWow64\pku2u.dll
2014-11-21 19:03:00    12872    ----a-w-    C:\windows\System32\bootdelete.exe
2014-11-21 19:00:21    --------    d-----w-    C:\Program Files\HitmanPro
2014-11-21 18:57:55    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-21 18:44:16    --------    d-----w-    C:\windows\ERUNT
2014-11-21 18:38:00    --------    d-----w-    C:\AdwCleaner
2014-11-20 00:12:45    --------    d-----w-    C:\Users\aworkofmarc2\AppData\Local\Citrix
2014-11-17 17:53:25    --------    d-sh--w-    C:\Users\aworkofmarc2\AppData\Local\EmieBrowserModeList
2014-11-16 00:00:42    2475352    ----a-w-    C:\windows\System32\D3DX9_42.dll
2014-11-12 17:06:30    2048    ----a-w-    C:\windows\SysWow64\msxml3r.dll
2014-11-11 06:51:22    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-11-10 18:05:14    615568    ----a-w-    C:\windows\SysWow64\nvStreaming.exe
2014-11-10 18:05:06    2558792    ----a-w-    C:\windows\System32\nvsvcr.dll
2014-11-10 17:46:25    511328    ----a-w-    C:\windows\System32\d3dx10_43.dll
2014-11-10 17:46:25    470880    ----a-w-    C:\windows\SysWow64\d3dx10_43.dll
2014-11-10 17:46:25    276832    ----a-w-    C:\windows\System32\d3dx11_43.dll
2014-11-10 17:46:25    248672    ----a-w-    C:\windows\SysWow64\d3dx11_43.dll
2014-11-10 17:46:24    2401112    ----a-w-    C:\windows\System32\D3DX9_43.dll
2014-11-10 17:46:24    1998168    ----a-w-    C:\windows\SysWow64\D3DX9_43.dll
2014-11-10 17:46:10    38216    ----a-w-    C:\windows\System32\drivers\nvvad64v.sys
2014-11-10 17:46:10    32584    ----a-w-    C:\windows\SysWow64\nvaudcap32v.dll
2014-11-09 04:03:13    --------    d-----w-    C:\Users\aworkofmarc2\AppData\Local\Metability_Software
2014-11-09 04:02:08    --------    d-----w-    C:\Program Files (x86)\Metability Software
2014-11-05 22:01:13    --------    d-----w-    C:\ProgramData\Alien Skin
2014-11-05 22:00:46    --------    d-----w-    C:\Users\aworkofmarc2\AppData\Local\Alien Skin
.
==================== Find3M  ====================
.
2014-11-27 04:47:19    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-06 17:06:52    2197680    ----a-w-    C:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06:52    1291280    ----a-w-    C:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06:33    2800296    ----a-w-    C:\windows\System32\nvspcap64.dll
2014-11-06 17:06:33    1715224    ----a-w-    C:\windows\System32\nvspbridge64.dll
2014-11-06 04:04:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-04 22:30:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
2014-11-03 22:02:42    6882448    ----a-w-    C:\windows\System32\nvcpl.dll
2014-11-03 22:02:41    3531464    ----a-w-    C:\windows\System32\nvsvc64.dll
2014-11-03 22:02:38    935232    ----a-w-    C:\windows\System32\nvvsvc.exe
2014-11-03 22:02:38    61640    ----a-w-    C:\windows\System32\nvshext.dll
2014-11-03 22:02:38    385352    ----a-w-    C:\windows\System32\nvmctray.dll
2014-11-03 11:58:36    4099264    ----a-w-    C:\windows\System32\nvcoproc.bin
2014-11-01 15:49:06    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-01 15:49:06    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-11 17:08:58    718840    ----a-w-    C:\windows\System32\drivers\avc3.sys
2014-10-11 17:03:13    176920    ----a-w-    C:\ProgramData\1413046643.bdinstall.bin
2014-10-11 16:58:16    261056    ----a-w-    C:\windows\System32\drivers\avchv.sys
2014-10-11 16:57:23    37628    ----a-w-    C:\ProgramData\1413046642.bdinstall.bin
2014-10-10 00:57:42    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-10-03 19:23:02    35144    ----a-w-    C:\windows\System32\nvaudcap64v.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-10-01 18:11:26    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-10-01 18:11:16    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-20 19:47:18    31232    ----a-w-    C:\windows\System32\drivers\tap0901.sys
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-09-17 04:51:20    31520    ----a-w-    C:\windows\System32\nvhdap64.dll
2014-09-17 04:51:20    197408    ----a-w-    C:\windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20    1538880    ----a-w-    C:\windows\System32\nvhdagenco6420103.dll
2014-09-13 23:48:03    1876296    ----a-w-    C:\windows\System32\nvdispco6434411.dll
2014-09-13 23:48:03    1539272    ----a-w-    C:\windows\System32\nvdispgenco6434411.dll
2014-09-11 05:45:37    200009    ----a-w-    C:\ProgramData\1410413629.bdinstall.bin
2014-09-11 05:34:09    34665    ----a-w-    C:\ProgramData\1410413644.bdinstall.bin
2014-09-09 22:11:04    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-09-05 02:11:09    6584320    ----a-w-    C:\windows\System32\mstscax.dll
2014-09-05 01:52:41    5703168    ----a-w-    C:\windows\SysWow64\mstscax.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\windows\System32\rastls.dll
.
============= FINISH: 23:59:59.29 ===============

 

Please see a screen shot of my Task Manager -- displaying what I believe to be the offending file

taskmgr_gorforfiles.jpg
 


Edited by IdesofMarc, 27 November 2014 - 03:18 AM.


#6 nasdaq

  • Malware Response Team
Posted 27 November 2014 - 10:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.


    #7 IdesofMarc

    • Topic Starter

    Posted 28 November 2014 - 01:26 AM

    As requested.. please note I had run the Adaware scan a few days before this and so I include BOTH -- my initial scan as well as the last one per THIS SPECIFIC request:

    1ST ADAWARE SCAN BELOW:


    # AdwCleaner v4.101 - Report created 21/11/2014 at 10:40:24
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : aworkofmarc2 - AWORKOFMARC2-PC
    # Running from : D:\Downloads\adwcleaner_4.101.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Users\aworkofmarc2\AppData\Local\PackageAware

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\GoforFiles
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v

    [C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1164 octets] - [21/11/2014 10:40:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1224 octets] ##########

     

    6TH ADAWARE SCAN

     

    # AdwCleaner v4.102 - Report created 27/11/2014 at 22:10:48
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-23.7 [Local]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : aworkofmarc2 - AWORKOFMARC2-PC
    # Running from : D:\Downloads\adwcleaner_4.102.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [1304 octets] - [21/11/2014 10:40:24]
    AdwCleaner[R1].txt - [938 octets] - [21/11/2014 14:57:39]
    AdwCleaner[R2].txt - [997 octets] - [21/11/2014 15:00:15]
    AdwCleaner[R3].txt - [1024 octets] - [21/11/2014 15:13:54]
    AdwCleaner[R4].txt - [1085 octets] - [27/11/2014 22:07:30]
    AdwCleaner[S0].txt - [1375 octets] - [21/11/2014 10:41:37]
    AdwCleaner[S1].txt - [1007 octets] - [27/11/2014 22:10:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1067 octets] ##########

    FRST.TXT SCAN BELOW (64 BIT):

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
    Ran by aworkofmarc2 (administrator) on AWORKOFMARC2-PC on 27-11-2014 22:19:08
    Running from D:\Downloads
    Loaded Profile: aworkofmarc2 (Available profiles: aworkofmarc2)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (ITSamples.com) C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
    (EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
    ( ) C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (http://www.ruby-lang.org/) C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (http://www.ruby-lang.org/) C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    () C:\Program Files\pia_manager\openvpn.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
    (Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKU\S-1-5-21-3057180045-2085749164-1676399383-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3057180045-2085749164-1676399383-1000\...\Run: [NetworkIndicator] => C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [192512 2010-06-30] (ITSamples.com)
    HKU\S-1-5-21-3057180045-2085749164-1676399383-1000\...\Run: [Boxpn_VPN_Startup] => C:\Program Files\BOXPN Client Win7\BOXPN_Client.exe [614592 2014-09-19] (Boxpn)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
    ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk
    ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility.exe ( )
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3057180045-2085749164-1676399383-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218

    FireFox:
    ========
    FF ProfilePath: C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default
    FF Homepage: www.drudgereport.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF Plugin HKU\S-1-5-21-3057180045-2085749164-1676399383-1000: @citrixonline.com/appdetectorplugin -> C:\Users\aworkofmarc2\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF SearchPlugin: C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\searchplugins\duckduckgo.xml
    FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\donottrackplus@abine.com [2014-11-21]
    FF Extension: Ghostery - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\firefox@ghostery.com.xpi [2014-10-07]
    FF Extension: Remove Google Tracking - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-10-07]
    FF Extension: Remove Google Tracking for Copy - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\jid1-9GSm3Xm1Wr6yyg@jetpack.xpi [2014-10-07]
    FF Extension: NO Google Analytics - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-10-07]
    FF Extension: DuckDuckGo Plus - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-10-07]
    FF Extension: Adblock Plus - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-07]
    FF Extension: DownThemAll! - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-10-07]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-11]

    Chrome:
    =======
    CHR Profile: C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-12]
    CHR Extension: (Google Docs) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-12]
    CHR Extension: (Google Drive) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-12]
    CHR Extension: (YouTube) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-12]
    CHR Extension: (Google Search) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-12]
    CHR Extension: (Google Sheets) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-12]
    CHR Extension: (Google Wallet) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-12]
    CHR Extension: (Gmail) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-12]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-21] (SurfRight B.V.)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [648472 2014-08-14] (Wacom Technology, Corp.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
    R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
    R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
    S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
    S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
    S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-01-18] ()
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-27] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    R3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-27 22:18 - 2014-11-27 22:19 - 00000000 ____D () C:\FRST
    2014-11-27 22:13 - 2014-11-27 22:13 - 00000000 ___RD () C:\Users\aworkofmarc2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-11-27 22:12 - 2014-11-27 22:12 - 10624776 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-27 22:12 - 2014-11-27 22:12 - 00000318 _____ () C:\windows\PFRO.log
    2014-11-27 22:12 - 2014-11-27 22:12 - 00000168 _____ () C:\windows\setupact.log
    2014-11-27 22:12 - 2014-11-27 22:12 - 00000000 _____ () C:\windows\setuperr.log
    2014-11-25 23:25 - 2014-11-25 23:25 - 00406376 _____ () C:\Users\aworkofmarc2\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-25 00:18 - 2014-11-25 00:18 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7 64-bit.lnk
    2014-11-23 23:03 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-23 23:03 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-23 23:03 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-23 23:03 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-21 21:50 - 2014-11-21 21:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
    2014-11-21 11:10 - 2014-11-21 11:10 - 00000000 _____ () C:\autoexec.bat
    2014-11-21 11:03 - 2014-11-21 11:03 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
    2014-11-21 11:00 - 2014-11-21 15:58 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-11-21 11:00 - 2014-11-21 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2014-11-21 10:57 - 2014-11-21 15:48 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-11-21 10:44 - 2014-11-21 15:48 - 00000000 ____D () C:\windows\ERUNT
    2014-11-21 10:38 - 2014-11-27 22:10 - 00000000 ____D () C:\AdwCleaner
    2014-11-21 10:08 - 2014-11-27 22:15 - 00003208 _____ () C:\windows\System32\Tasks\GoForFiles Installer Starter
    2014-11-19 21:48 - 2014-11-19 21:48 - 00003530 _____ () C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-aworkofmarc2-PC-aworkofmarc2
    2014-11-19 16:12 - 2014-11-19 16:13 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Citrix
    2014-11-17 22:10 - 2014-11-17 22:11 - 00000000 ____D () C:\Users\aworkofmarc2\Documents\Outlook Files
    2014-11-17 09:53 - 2014-11-17 09:53 - 00000000 __SHD () C:\Users\aworkofmarc2\AppData\Local\EmieBrowserModeList
    2014-11-15 16:00 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
    2014-11-12 19:34 - 2014-11-12 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-11-12 19:31 - 2014-11-27 22:13 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cffef23f5f01bc.job
    2014-11-12 19:31 - 2014-11-24 08:36 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cffef2401fbc7e.job
    2014-11-12 19:31 - 2014-11-12 19:31 - 00003906 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cffef2401fbc7e
    2014-11-12 19:31 - 2014-11-12 19:31 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cffef23f5f01bc
    2014-11-12 09:07 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-12 09:07 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-12 09:07 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-12 09:07 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-12 09:07 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-12 09:07 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-12 09:07 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-12 09:07 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-12 09:07 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-12 09:07 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-12 09:07 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-12 09:07 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-12 09:07 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-12 09:07 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-12 09:07 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-12 09:07 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-12 09:07 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-12 09:07 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-12 09:07 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 09:07 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-12 09:07 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-12 09:07 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-12 09:07 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-12 09:07 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-12 09:07 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-12 09:07 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 09:07 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-12 09:07 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-12 09:07 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-12 09:07 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-12 09:07 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-12 09:07 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-12 09:07 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-12 09:07 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-12 09:07 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-12 09:07 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-12 09:07 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-12 09:07 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-12 09:07 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-12 09:07 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-12 09:07 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-12 09:07 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-12 09:07 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-12 09:07 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-12 09:07 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-12 09:07 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-12 09:07 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-12 09:07 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-12 09:07 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-12 09:07 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-12 09:07 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-12 09:07 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-12 09:07 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-12 09:07 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-12 09:07 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-12 09:07 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-12 09:07 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-12 09:07 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-12 09:07 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-12 09:07 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-12 09:07 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-12 09:07 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-12 09:07 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-12 09:07 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-12 09:07 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-12 09:06 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-12 09:06 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-12 09:06 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-12 09:06 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-12 09:06 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-12 09:06 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-12 09:06 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-12 09:06 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-12 09:06 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-12 09:06 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-12 09:06 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-12 09:06 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-12 09:06 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-12 09:06 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-12 09:06 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-12 09:06 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-12 09:06 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-12 09:06 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-12 09:06 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-12 09:06 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-12 09:06 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-12 09:06 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-12 09:06 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-12 09:06 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-12 09:06 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-12 09:06 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-12 09:06 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-12 09:06 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-12 09:06 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-12 09:06 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-12 09:06 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-12 09:06 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-12 09:06 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-10 22:51 - 2014-11-21 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-10 10:05 - 2014-11-03 14:02 - 02558792 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
    2014-11-10 10:05 - 2014-11-03 12:25 - 00615568 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
    2014-11-10 10:04 - 2014-11-03 16:04 - 31891784 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 24555208 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 20923712 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 17259848 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 14031448 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 13943904 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 13207184 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
    2014-11-10 10:04 - 2014-11-03 16:04 - 11397208 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 11335408 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 04289168 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 04009672 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 01876296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434465.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 01539272 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434465.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00962704 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00934216 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00922256 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00898192 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00870624 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00501064 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00417096 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00391824 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00352016 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00349504 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00303600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00174856 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
    2014-11-10 10:04 - 2014-11-03 16:04 - 00156840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
    2014-11-10 09:46 - 2014-10-03 11:23 - 00038216 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
    2014-11-10 09:46 - 2014-10-03 11:23 - 00032584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
    2014-11-10 09:46 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
    2014-11-10 09:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
    2014-11-10 09:46 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
    2014-11-10 09:46 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
    2014-11-10 09:46 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
    2014-11-10 09:46 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
    2014-11-08 20:03 - 2014-11-08 20:03 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Metability_Software
    2014-11-08 20:02 - 2014-11-08 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metability Software
    2014-11-08 20:02 - 2014-11-08 20:02 - 00000000 ____D () C:\Program Files (x86)\Metability Software
    2014-11-08 16:47 - 2014-11-08 16:47 - 00000132 _____ () C:\Users\aworkofmarc2\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2014-11-06 07:53 - 2014-11-06 07:55 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Roaming\Alien Skin
    2014-11-05 14:01 - 2014-11-06 07:54 - 00000000 ____D () C:\ProgramData\Alien Skin
    2014-11-05 14:00 - 2014-11-06 07:53 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Alien Skin
    2014-11-05 09:26 - 2014-11-05 09:28 - 00002900 _____ () C:\windows\system32\lic2.xml7725
    2014-11-03 11:57 - 2014-11-03 12:31 - 00001022 _____ () C:\signature.html
    2014-11-02 08:26 - 2014-11-02 08:28 - 00002900 _____ () C:\windows\system32\lic2.xml31658
    2014-10-31 20:09 - 2014-10-31 20:09 - 00001456 _____ () C:\Users\aworkofmarc2\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-10-31 15:59 - 2014-10-31 16:28 - 00000000 ____D () C:\Users\aworkofmarc2\Documents\DxO ViewPoint 2
    2014-10-31 15:59 - 2014-10-31 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO ViewPoint 2
    2014-10-31 15:56 - 2014-11-15 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO OpticsPro 10
    2014-10-31 07:05 - 2014-10-31 07:06 - 00002900 _____ () C:\windows\system32\lic2.xml18706
    2014-10-29 22:05 - 2014-10-29 22:05 - 00000000 ____D () C:\Users\aworkofmarc2\Documents\Bluetooth Folder

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-27 22:18 - 2009-07-13 21:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-27 22:15 - 2014-09-10 20:32 - 01453664 _____ () C:\windows\WindowsUpdate.log
    2014-11-27 22:14 - 2009-07-13 20:45 - 00021696 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-27 22:14 - 2009-07-13 20:45 - 00021696 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-27 22:13 - 2014-09-10 21:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-27 22:13 - 2014-09-03 12:24 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-27 22:12 - 2014-09-03 13:28 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-11-27 22:12 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-26 23:31 - 2014-09-11 09:55 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Roaming\FileZilla
    2014-11-26 13:25 - 2014-09-14 20:01 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Windows Live
    2014-11-25 23:12 - 2014-09-15 16:33 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\CrashDumps
    2014-11-25 00:17 - 2014-09-11 07:56 - 00000000 ____D () C:\Program Files\Adobe
    2014-11-24 08:37 - 2014-09-03 12:24 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-24 08:36 - 2014-09-11 07:07 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Adobe
    2014-11-21 21:49 - 2014-10-01 19:01 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Wacom Help
    2014-11-21 21:49 - 2014-09-14 14:37 - 00000000 ____D () C:\Program Files\Tablet
    2014-11-21 16:03 - 2014-09-15 13:28 - 00000132 _____ () C:\Users\aworkofmarc2\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-11-21 15:48 - 2014-10-07 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-21 15:48 - 2014-09-23 16:43 - 00000000 ____D () C:\Program Files (x86)\Free Hide Folder
    2014-11-21 15:48 - 2014-09-20 11:47 - 00000000 ____D () C:\Program Files\pia_manager
    2014-11-21 15:48 - 2014-09-19 21:30 - 00000000 ____D () C:\Program Files\BOXPN Client Win7
    2014-11-21 15:48 - 2014-09-16 22:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-11-21 15:48 - 2014-09-16 11:53 - 00000000 ____D () C:\Program Files (x86)\Alien Skin
    2014-11-21 15:48 - 2014-09-15 16:30 - 00000000 __HDC () C:\ProgramData\{E3119013-3906-4E62-8407-060230D405CD}
    2014-11-21 15:48 - 2014-09-15 16:29 - 00000000 __HDC () C:\ProgramData\{D9E0EE67-1483-4783-8326-7E411B3B012D}
    2014-11-21 15:48 - 2014-09-15 16:29 - 00000000 __HDC () C:\ProgramData\{9DE75BC9-6CF5-4972-8A4E-86BAAD477DC6}
    2014-11-21 15:48 - 2014-09-15 16:29 - 00000000 __HDC () C:\ProgramData\{8265C354-3D13-4FE5-95C7-65F277FF3041}
    2014-11-21 15:48 - 2014-09-15 16:29 - 00000000 ____D () C:\Program Files\Common Files\Topaz Labs
    2014-11-21 15:48 - 2014-09-15 09:11 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2014-11-21 15:48 - 2014-09-14 16:24 - 00000000 ____D () C:\Program Files\WinRAR
    2014-11-21 15:48 - 2014-09-14 14:37 - 00000000 ____D () C:\Program Files\TabletPlugins
    2014-11-21 15:48 - 2014-09-14 14:37 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
    2014-11-21 15:48 - 2014-09-12 15:45 - 00000000 ____D () C:\Program Files\Defraggler
    2014-11-21 15:48 - 2014-09-12 15:40 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-21 15:48 - 2014-09-11 16:31 - 00000000 ____D () C:\Program Files (x86)\NetworkIndicator
    2014-11-21 15:48 - 2014-09-11 09:55 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
    2014-11-21 15:48 - 2014-09-10 21:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-21 15:48 - 2014-09-10 20:36 - 00000000 ____D () C:\Users\aworkofmarc2
    2014-11-21 15:48 - 2014-09-03 12:38 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
    2014-11-21 15:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
    2014-11-21 15:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
    2014-11-21 15:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2014-11-21 15:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-21 15:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\DVD Maker
    2014-11-21 15:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-21 15:48 - 2009-07-13 21:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
    2014-11-21 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\com
    2014-11-21 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\Setup
    2014-11-21 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\com
    2014-11-21 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
    2014-11-21 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\servicing
    2014-11-21 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\registration
    2014-11-21 10:34 - 2014-09-03 13:29 - 00000000 ____D () C:\windows\Chipset
    2014-11-21 10:22 - 2014-09-16 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontLab
    2014-11-21 10:22 - 2014-09-16 14:23 - 00000000 ____D () C:\Program Files (x86)\FontLab
    2014-11-19 21:40 - 2014-09-17 09:36 - 00000000 ____D () C:\windows\system32\appmgmt
    2014-11-19 21:40 - 2014-09-14 18:44 - 00000000 ____D () C:\ProgramData\DxO Labs
    2014-11-19 21:40 - 2014-09-14 18:44 - 00000000 ____D () C:\Program Files\DxO Labs
    2014-11-19 21:38 - 2014-09-11 07:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-11-13 03:56 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
    2014-11-13 03:03 - 2014-09-15 09:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-13 03:02 - 2013-08-26 08:37 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-13 03:00 - 2013-08-26 08:37 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-12 19:35 - 2014-09-03 12:24 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-12 19:34 - 2014-09-11 06:57 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Google
    2014-11-10 10:05 - 2014-09-03 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-11-10 10:05 - 2014-09-03 13:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-11-06 16:06 - 2014-09-15 16:39 - 00000000 ____D () C:\Users\aworkofmarc2\.android
    2014-11-06 14:46 - 2014-10-06 16:48 - 00003186 _____ () C:\windows\System32\Tasks\Private Internet Access Startup
    2014-11-06 14:46 - 2014-10-06 16:48 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
    2014-11-06 09:06 - 2014-09-03 13:28 - 02800296 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
    2014-11-06 09:06 - 2014-09-03 13:28 - 02197680 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
    2014-11-06 09:06 - 2014-09-03 13:28 - 01715224 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
    2014-11-06 09:06 - 2014-09-03 13:28 - 01291280 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
    2014-11-04 17:25 - 2014-09-11 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2014-11-04 14:30 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-03 16:04 - 2014-09-03 13:28 - 00073872 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
    2014-11-03 16:04 - 2014-09-03 13:28 - 00059592 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 20985544 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 19966344 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 18514080 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 16884632 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 03238040 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 02849736 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 00987520 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
    2014-11-03 16:04 - 2014-09-03 13:27 - 00027094 _____ () C:\windows\system32\nvinfo.pb
    2014-11-03 14:02 - 2014-09-03 13:28 - 06882448 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
    2014-11-03 14:02 - 2014-09-03 13:28 - 03531464 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
    2014-11-03 14:02 - 2014-09-03 13:28 - 00935232 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
    2014-11-03 14:02 - 2014-09-03 13:28 - 00385352 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
    2014-11-03 14:02 - 2014-09-03 13:28 - 00061640 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
    2014-11-03 03:58 - 2014-09-03 13:28 - 04099264 _____ () C:\windows\system32\nvcoproc.bin
    2014-11-01 07:50 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\system32\FxsTmp
    2014-11-01 07:49 - 2014-09-14 19:30 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-01 07:49 - 2014-09-14 19:30 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-31 15:59 - 2014-09-14 18:44 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\DxO_Labs
    2014-10-31 15:58 - 2014-09-14 18:54 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Roaming\DxO Labs
    2014-10-31 15:58 - 2014-09-11 21:22 - 00000000 ____D () C:\Users\aworkofmarc2\AppData\Local\Downloaded Installations

    Some content of TEMP:
    ====================
    C:\Users\aworkofmarc2\AppData\Local\Temp\4w4Xufm4lT.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\7rUvdII7y4.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\ao5d7Y4R96.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\BgDjdDKAje.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\bJa7x4qIwh.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\bPoDhgxWK2.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\ddD8sk2BsI.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\EMMz04BaGT.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFiles2SteQt9oht.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesaerpllilhx.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesCoyWFxGJ84.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFileskKtp27CJdM.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesMjOnZDLAOc.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesohlGbyB1Mb.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesoZURPa2qOV.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesS6H3PhDDeR.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesSH8rWzuIyq.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesT7vE38ElL0.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesy7R6X7HKww.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesZcr6ZoRhzU.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\IY7vvb0dJs.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\MzIpzrUxtS.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\Quarantine.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\Qvyb9w3TJ0.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\sdg5C89.exe
    C:\Users\aworkofmarc2\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-25 15:02

    ==================== End Of Log ============================

     

    FRST SCAN ADDITION.TXT SCAN BELOW:
     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
    Ran by aworkofmarc2 at 2014-11-27 22:19:28
    Running from D:\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrok MTS Converter Ver 2.5.15.416 (HKLM-x32\...\{06A87D1F-B9B1-4CB5-8FAA-DB6DC8501548}_is1) (Version:  - )
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Alien Skin Eye Candy 6 (HKLM\...\Alien Skin Eye Candy 6) (Version:  - Alien Skin Software)
    Alien Skin Xenofex 2 (HKLM\...\Alien Skin Xenofex 2) (Version:  - Alien Skin Software)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
    ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
    Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
    Canon PRO-100 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_PRO-100_series) (Version:  - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Import Utility (HKLM-x32\...\{98E62842-1524-4C30-9E60-1545CDD810A4}) (Version: 2.00.005 - PIXELA)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
    DxO OpticsPro 10 (HKLM\...\{C2E56E0E-EDCA-4AB0-954C-0DAD561BDFCF}) (Version: 10.0.0 - DxO Labs)
    DxO OpticsPro 10 plug-in for Adobe Lightroom (HKLM-x32\...\{79C97462-1598-48CD-B597-8B3C3C5A20B8}) (Version: 1.0.23 - DxO Labs)
    DxO ViewPoint 2 (HKLM\...\{5602DC38-848F-42BD-B764-4BE48E9E7623}) (Version: 2.5.19.0 - DxO Labs)
    FileMind QuickFix (HKLM-x32\...\{92789900-80D0-4B61-B742-7897964A69AB}_is1) (Version: Build 4184 - Metability Software)
    FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
    Free Hide Folder (HKLM-x32\...\Free Hide Folder) (Version:  - )
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel® Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Network Activity Indicator for Windows 7 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.5 - IT Samples)
    Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
    NVIDIA 3D Vision Controller Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
    Spyder4Elite (HKLM-x32\...\Spyder4Elite) (Version:  - )
    Topaz Adjust 4 (64-bit) (HKLM-x32\...\Topaz Adjust 4 (64-bit)) (Version: 4.1.0 - Topaz Labs)
    Topaz Adjust 4 (64-bit) (Version: 4.1.0 - Topaz Labs) Hidden
    Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
    Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden
    Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
    Topaz DeNoise 5 (64-bit) (Version: 5.0.1 - Topaz Labs) Hidden
    Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
    Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden
    TransType Pro (HKLM-x32\...\{762EBEC5-7ADC-48DC-ADDE-882616730050}) (Version: 3.0 - FontLab)
    Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{9528F9CB-29E3-4E33-8BAA-181B336E24F8}) (Version: 12.1.1 - Red Giant)
    Trapcode Suite 64-bit (Version: 12.1.1 - Red Giant) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.9w3 - Wacom Technology Corp.)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    10-11-2014 17:46:18 Installed DirectX
    11-11-2014 17:13:04 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    11-11-2014 17:13:10 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    11-11-2014 17:14:02 Windows Update
    13-11-2014 11:00:25 Windows Update
    13-11-2014 17:12:26 Windows Update
    15-11-2014 23:59:19 Installed DxO OpticsPro 10
    16-11-2014 00:02:11 Removed DxO OpticsPro 10 plug-in for Adobe Lightroom
    16-11-2014 00:02:17 Installed DxO OpticsPro 10 plug-in for Adobe Lightroom
    20-11-2014 05:39:23 Removed Citrix Online Launcher
    20-11-2014 05:40:02 Removed DxO Optics Pro 9
    20-11-2014 05:40:11 Removed DxO Optics Pro 9 plug-in for Adobe Lightroom
    20-11-2014 05:42:53 11/19/2014  - prior to registry cleaning
    21-11-2014 19:02:20 Checkpoint by HitmanPro
    21-11-2014 19:02:54 Checkpoint by HitmanPro
    21-11-2014 23:47:03 Restore Operation
    24-11-2014 07:03:19 Windows Update
    25-11-2014 08:16:52 Installed Adobe Photoshop Lightroom 5.7 64-bit.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {01081DBE-093F-4292-9DD1-D9D3A365F9A4} - System32\Tasks\GoForFiles Installer Starter => C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesoZURPa2qOV.exe [2014-11-21] (http://goforfiles.com) <==== ATTENTION
    Task: {03F2D490-9DA1-41B5-915A-7D71DBB680A3} - System32\Tasks\GoogleUpdateTaskMachineCore1cffef23f5f01bc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {15F67D9E-335E-4FE8-A4A2-8E46FD9D734D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
    Task: {20E7FC7B-23C2-41F2-B53E-AD4A9470D5FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {3BA18F53-14F4-4A3F-884D-0959CEC54443} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {809ED7CF-809B-4EA4-88BF-01FB32F44E53} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-06] ()
    Task: {9E01F7C5-05D0-4A95-A9E3-29B9ED0097A3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E4F51A47-ADB9-4AA6-B060-F19445269F70} - System32\Tasks\GoogleUpdateTaskMachineUA1cffef2401fbc7e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {E90042F0-FDBB-434B-8471-92D9CFB57322} - System32\Tasks\AdobeAAMUpdater-1.0-aworkofmarc2-PC-aworkofmarc2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cffef23f5f01bc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cffef2401fbc7e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-10 21:35 - 2013-03-19 11:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
    2014-09-10 21:35 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
    2014-09-03 13:28 - 2014-11-03 14:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2014-05-01 11:29 - 2014-05-01 11:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-09-14 14:37 - 2014-08-14 09:41 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
    2014-10-06 16:48 - 2014-11-06 14:46 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    2014-10-06 16:48 - 2014-11-06 14:46 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
    2014-10-06 16:48 - 2014-11-06 14:46 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
    2014-10-27 17:37 - 2014-10-27 17:37 - 00054272 _____ () C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Plug-ins\DxO ViewPoint 2\PhotoshopPlugin-automation64dvpv2.8li
    2011-08-09 15:06 - 2012-02-07 13:59 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\Appearance Pak.dll
    2011-08-09 15:06 - 2012-02-07 13:59 - 00151552 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\RegEx.dll
    2011-08-09 15:06 - 2012-02-07 13:59 - 12977947 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\RBScript.dll
    2011-08-09 15:06 - 2012-02-07 13:59 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\Shell.dll
    2011-08-09 15:06 - 2012-02-07 13:59 - 00761856 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\XML.dll
    2011-08-09 15:06 - 2012-02-07 13:59 - 00274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\CGamma.dll
    2011-08-09 15:06 - 2012-02-07 13:59 - 00086016 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\CSensor.dll
    2011-09-22 14:22 - 2012-02-07 13:59 - 00039936 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll
    2011-09-22 14:22 - 2012-02-07 13:59 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder4Elite\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll
    2014-11-27 22:13 - 2014-11-27 22:13 - 00012800 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00009728 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00014848 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00094208 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\src\rgloader\rgloader193.mswin.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00009216 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00094208 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00126976 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00087552 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00016384 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00127316 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\bin\libffi-6.dll
    2014-11-27 22:13 - 2014-11-27 22:13 - 00008704 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00013312 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00095744 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00026624 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrDF65.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00012800 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00009728 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00014848 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00094208 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\src\rgloader\rgloader193.mswin.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00094208 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00118784 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00069120 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00083968 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\bin\zlib1.dll
    2014-11-27 22:13 - 2014-11-27 22:13 - 00026624 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00275968 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00015360 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00008192 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00009216 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00023552 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00008704 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00008704 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00008704 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00008704 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00036352 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00126976 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00087552 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00016384 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00127316 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\bin\libffi-6.dll
    2014-11-27 22:13 - 2014-11-27 22:13 - 00013312 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00095744 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\1.9.1\i386-

    mingw32\enc\trans\single_byte.so
    2014-11-27 22:13 - 2014-11-27 22:13 - 00026624 _____ () C:\Users\aworkofmarc2\AppData\Local\Temp\ocrE906.tmp\lib\ruby\gems

    \1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-10-06 16:48 - 2014-11-06 14:46 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d

    \tiappmodule.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d

    \tifilesystemmodule.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d

    \tiuimodule.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d

    \tinetworkmodule.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
    2014-10-06 16:48 - 2014-11-06 14:46 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d

    \tiprocessmodule.dll
    2012-03-09 15:26 - 2013-04-25 02:50 - 00108128 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
    2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures

    \office.odf
    2014-11-10 22:51 - 2014-11-10 22:51 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\aworkofmarc2\AppData\Local\Temp:BdHxCHiyIYhqQN8QacRp
    AlternateDataStreams: C:\Users\aworkofmarc2\AppData\Local\Temp:CWbKyD4uUPqJjHe2j8OPYO
    AlternateDataStreams: C:\Users\aworkofmarc2\AppData\Local\Temporary Internet Files:LTU7Frp7dTOyNh8n3Hud

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3057180045-2085749164-1676399383-500 - Administrator - Disabled)
    aworkofmarc2 (S-1-5-21-3057180045-2085749164-1676399383-1000 - Administrator - Enabled) => C:\Users\aworkofmarc2
    Guest (S-1-5-21-3057180045-2085749164-1676399383-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3057180045-2085749164-1676399383-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/27/2014 10:15:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1b00

    Start Time: 01d00ad2b055be98

    Termination Time: 18

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: f859bf36-76c5-11e4-a3ed-0026833b5bd7

    Error: (11/27/2014 10:14:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/25/2014 03:04:18 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/24/2014 00:07:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/23/2014 11:01:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/23/2014 05:51:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/23/2014 00:29:44 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/21/2014 09:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/21/2014 06:24:21 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/21/2014 03:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (11/25/2014 08:37:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

    Error: (11/21/2014 03:30:55 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (11/27/2014 10:15:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: firefox.exe33.1.0.54231b0001d00ad2b055be9818C:\Program Files (x86)\Mozilla Firefox\firefox.exef859bf36-76c5-11e4-a3ed-0026833b5bd7

    Error: (11/27/2014 10:14:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/25/2014 03:04:18 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (11/24/2014 00:07:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/23/2014 11:01:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/23/2014 05:51:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/23/2014 00:29:44 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (11/21/2014 09:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/21/2014 06:24:21 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

    Error: (11/21/2014 03:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel® Core™ i7-4930K CPU @ 3.40GHz
    Percentage of memory in use: 13%
    Total physical RAM: 32706.46 MB
    Available physical RAM: 28197.66 MB
    Total Pagefile: 65411.11 MB
    Available Pagefile: 58752.98 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:465.27 GB) (Free:326.35 GB) NTFS
    Drive d: (Aworkofmarc DATA) (Fixed) (Total:1862.89 GB) (Free:1578.46 GB) NTFS
    Drive i: (Lexar) (Removable) (Total:59.61 GB) (Free:31.23 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC12E63F)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 59.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=59.6 GB) - (Type=0C)

    ==================== End Of Log ============================

     

    Also --here is a screen shot of the Task Manager again -- this time with a picture of the Go For Files start up screen next to it that starts automatically with Windows... that when I click close it opens a browser window to the "Purchase Music Files" gotforfiles_bastard.jpg


    Edited by IdesofMarc, 28 November 2014 - 01:30 AM.


    #8 nasdaq

    • Malware Response Team

    Posted 28 November 2014 - 09:17 AM

    Run this tool to clean your Temporary files/Folders.

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted, it should not take long to finish.
    • Once it's finished, click OK to reboot.
    • If it does not reboot, reboot your system manually.
    ===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
    
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3057180045-2085749164-1676399383-1000\...\Run: [AdobeBridge] => [X]
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF SearchPlugin: C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\searchplugins\duckduckgo.xml
    FF Extension: DuckDuckGo Plus - C:\Users\aworkofmarc2\AppData\Roaming\Mozilla\Firefox\Profiles\lnxhir2b.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-10-07]
    CHR Extension: (Google Wallet) - C:\Users\aworkofmarc2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-12]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    AlternateDataStreams: C:\Users\aworkofmarc2\AppData\Local\Temp:BdHxCHiyIYhqQN8QacRp
    AlternateDataStreams: C:\Users\aworkofmarc2\AppData\Local\Temp:CWbKyD4uUPqJjHe2j8OPYO
    AlternateDataStreams: C:\Users\aworkofmarc2\AppData\Local\Temporary Internet Files:LTU7Frp7dTOyNh8n3Hud
    End
    
    Save the file as fixlist.txt in the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log, Fixlog.txt; please post it in your reply.

    Note:
    You are running the Farbar tool from this folder.
    Running from D:\Downloads
    ===

    If the problem persists, execute this.

    Reset the browsers that have been compromised.

    Reset Chrome...
    Click on "Customize and control Google Chrome":
     
     
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
     
    Click "Reset browser settings" button.
     
    Restart Chrome.
    ====

    Firefox:
    Reset Default Browsing settings:
    https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
    ===

    Reset Internet Explorer:
    Menu > Tools > Internet Options > General Tab.
    Click the Reset button on the bottom of the pane.
    Click the Apply button.
    Close IE.

    ===

    There is also a possibility that, if you are using a router, the latter could be compromised.

    How to Reset a Router Back to the Factory Default Settings
    http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

    Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

    http://www.routerpasswords.com/
    http://www.phenoelit-us.org/dpl/dpl.html
    ===

    Reset for Linksys, Netgear, D-Link and Belkin Routers
    http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

    How to Secure Your Wireless Router
    http://www.ehow.com/how_2253625_secure-wireless-router.html

    ===

    Download Security Check by screen317 from here
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/

    How is the computer running now?

    ======

    #9 IdesofMarc

    • Topic Starter

    Posted 28 November 2014 - 11:51 AM

    Thank you.

    Whew.. I will get to it until later today.

    But to be sure I'm doing this right -- I first save the fixlist.txt (copied from above) document into my D:\Downloads folder. And THEN:

    'run FRST and click Fix only once and wait.'

    Correct?


    Edited by IdesofMarc, 28 November 2014 - 11:58 AM.


    #10 nasdaq

    • Malware Response Team

    Posted 28 November 2014 - 01:54 PM

    Yes

    #11 IdesofMarc

    • Topic Starter

    Posted 28 November 2014 - 09:06 PM

    1) I ran TFC

    2) I reset Firefox.

    3) (No router that I know of)

    4) I ran Security Check.


     Results of screen317's Security Check version 0.99.91  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Bitdefender Antivirus Free Edition   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Spyder4Elite     
     Malwarebytes Anti-Malware version 2.0.3.1025  
     Adobe Flash Player 15.0.0.189  
     Mozilla Firefox (33.1)
    ````````Process Check: objlist.exe by Laurent````````  
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Bitdefender Antivirus Free Edition gzserv.exe  
     Bitdefender Antivirus Free Edition gziface.exe  
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 10%
    ````````````````````End of Log``````````````````````

     

    Same issue - has not resolved.

     



    #12 nasdaq

    • Malware Response Team

    Posted 29 November 2014 - 08:50 AM

    Let's see what we can find on this process.

    Please run the Farbar Recovery Scan Tool. Enter GoForfilescoywfxgj84.exe in the Search Box and hit the File Search button.
    Post the content of the Search.txt in your next reply.

    <<<>>>


    Let's look also in the Registry.

    Please run the Farbar Recovery Scan Tool. Enter GoForfilescoywfxgj84.exe in the Search Box.
    Click the Search Registry button, and post the content of the Search.txt file in your next reply.

    #13 IdesofMarc

    • Topic Starter

    Posted 29 November 2014 - 05:56 PM

    Wait! Holy Crap! Look at all this!  Dayum!!  Why couldn't I find them using Windows folders search? When I did a GoForFile*.* search?

    Anyways.. I just deleted them, rebooted, and it seems to have fixed the issue.

    I will run a few anti virus malware checks again this evening to make sure I got everything, but so far -- it looks good!

    goforfiles_crap.jpg

     

    Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
    Ran by aworkofmarc2 at 2014-11-29 14:50:20
    Running from D:\Downloads
    Boot Mode: Normal

    ================== Search Files: "GoForfilescoywfxgj84.exe" =============

    C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesCoyWFxGJ84.exe
    [2014-11-23 23:01][2014-11-21 10:07] 3911016 ____A (http://goforfiles.com) 25296B09174FA378D0389F1FA7CBA451 [File is signed]

    ====== End Of Search ======

     

     

     

    Nothing in the registry.


    Edited by IdesofMarc, 29 November 2014 - 06:19 PM.
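The file-search result in post #13 shows a signed executable sitting in the user's Temp folder. As an added example (not part of the thread and not FRST's own code), this Python script parses Search.txt-style records and flags executables found under user-writable paths. The second sample record, the list of path fragments and every function name are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Sample input. Record 1 is the entry quoted in post #13; record 2 is a
# constructed contrast case (hypothetical vendor, placeholder hash).
SAMPLE_SEARCH_TXT = r'''
================== Search Files: "GoForfilescoywfxgj84.exe" =============

C:\Users\aworkofmarc2\AppData\Local\Temp\GoForFilesCoyWFxGJ84.exe
[2014-11-23 23:01][2014-11-21 10:07] 3911016 ____A (http://goforfiles.com) 25296B09174FA378D0389F1FA7CBA451 [File is signed]

C:\Program Files\ExampleVendor\example.exe
[2014-01-01 10:00][2014-01-01 10:00] 0012345 ____A (Example Vendor) 00000000000000000000000000000000 [File is signed]

====== End Of Search ======
'''

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# Two bracketed timestamps, size, attribute flags, (company), MD5, optional [tag].
META_LINE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] "
    r"(\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})(?: \[(.+)\])?$"
)

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")
# Assumption: fragments that mark locations any user process can write to.
USER_WRITABLE = {
    "\\appdata\\local\\temp\\": "user Temp folder",
    "\\appdata\\roaming\\": "roaming profile",
    "\\downloads\\": "Downloads folder",
}


@dataclass
class Hit:
    path: str
    timestamps: tuple  # kept in file order, not interpreted
    size: int
    attributes: str
    company: str
    md5: str
    signed: bool


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        m = META_LINE.match(line)
        if m and pending:
            hits.append(Hit(pending, (m[1], m[2]), int(m[3]), m[4], m[5],
                            m[6].upper(), m[7] == "File is signed"))
            pending = None
    return hits


def triage(hit):
    """Return the reasons a record deserves a closer look (empty if none)."""
    reasons = []
    low = hit.path.lower()
    if low.endswith(EXEC_EXT):
        for fragment, label in USER_WRITABLE.items():
            if fragment in low:
                reasons.append("executable in " + label)
                break
    if reasons and hit.signed:
        # A valid signature names the publisher; it says nothing about
        # whether the program is wanted on this machine.
        reasons.append("signed by '%s': location still needs explaining" % hit.company)
    return reasons


def report(text):
    return {h.path: triage(h) for h in parse_search(text)}


if __name__ == "__main__":
    for path, reasons in report(SAMPLE_SEARCH_TXT).items():
        print(path, "->", reasons or "no findings")
```

Both sample records are signed; only the file location separates them, which is why the signature flag is recorded but never used to clear a finding.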


    #14 nasdaq

    • Malware Response Team

    Posted 30 November 2014 - 08:56 AM


    Glad we could help.

    If all is well.

    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
    ===

    #15 IdesofMarc

    • Topic Starter

    Posted 30 November 2014 - 11:37 AM

    Thanks. Last question: I haven't seen a "donate" button. To where do I go for that?





