Access Denied - Trying to install Nvidia Graphics Driver


This topic is locked
6 replies to this topic

#1 Ilymar (Members, 2 posts)

Posted 30 December 2014 - 05:44 PM

Whenever I try to install the driver for my Nvidia graphics card, it tells me Access Denied.

However, I was able to install my Nvidia audio driver, along with other drivers. For instance, I can install a generic VGA driver for my card right now.

Things I've done:

Tried to install as Administrator, created a new Admin account and ran as Admin from there. Tried manually installing the driver from Device Manager. Ran SFC, and also used Windows All In One Repair to repair the following items:

 

Registry Permissions
Reset File Permissions (2)
Reset Service Permissions
Register System Files
Repair WMI
Remove Policies Set by Infections
Removed Temp Files
Repair MSI
Restore Important Windows Services
Set Windows Service to Default Startup


Please find attached log files for FRST and Security Check. FRST and Security Check ran after doing initial troubleshooting as listed above.

 

Any help would be greatly appreciated!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by WeatherE (administrator) on WEATHERECOE01 on 30-12-2014 16:24:17
Running from C:\Users\weathere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLD73M5V
Loaded Profile: WeatherE (Available profiles: WYAdmin & WeatherE)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.JAV\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.JAV2\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Dell) C:\Users\weathere\AppData\Local\Apps\2.0\XPLNO8VA.9A7\111L9L4P.MAQ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [684016 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2230608 2012-12-07] (Trend Micro Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-12-22] (Intel Corporation)
HKLM Group Policy restriction on software: limewire*.* <====== ATTENTION
HKLM Group Policy restriction on software: Winamp*.* <====== ATTENTION
HKLM Group Policy restriction on software: Skype*.* <====== ATTENTION
HKLM Group Policy restriction on software: desktopweather*.* <====== ATTENTION
HKLM Group Policy restriction on software: GoogleWebAccelerator*.* <====== ATTENTION
HKLM Group Policy restriction on software: spybot*.* <====== ATTENTION
HKLM Group Policy restriction on software: GoogleDesktop*.* <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Navnt <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\program files\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\hgnlyrs-x32:  [X]
Winlogon\Notify\pbhvoes-x32:  [X]
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Run: [DellSystemDetect] => C:\Users\weathere\AppData\Local\Apps\2.0\XPLNO8VA.9A7\111L9L4P.MAQ\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-22] (Dell)
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => "c:\Windows\SysWOW64\nvinit.dll" File Not Found
AppInit_DLLs-x32:  c:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-05-23] (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-1708537768-682003330-406846\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-527237240-1708537768-682003330-406846\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-527237240-1708537768-682003330-406846\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-527237240-1708537768-682003330-406846\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-527237240-1708537768-682003330-406846 -> DefaultScope {BCE099D6-1A4B-4E94-9CD8-8591D32D1096} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-527237240-1708537768-682003330-406846 -> {BCE099D6-1A4B-4E94-9CD8-8591D32D1096} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.weyer.com/public/download/urxvpn.cab#version=7091,2014,409,2153
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} https://vpn.weyer.com/public/download/OesisInspector.cab#Version=7090,2014,724,1048
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.weyer.com/public/download/f5tunsrv.cab#version=7091,2014,409,2153
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.weyer.com/public/download/InstallerControl.cab#7091,2014,409,2153
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.weyer.com/public/download/f5InspectionHost.cab#version=7091,2014,409,2153
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.weyer.com/public/download/urxshost.cab#version=7091,2014,409,2153
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.weyer.com/public/download/urxhost.cab#version=7091,2014,409,2153
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\weathere\AppData\Roaming\Mozilla\Firefox\Profiles\dcrbob34.default
FF DefaultSearchEngine: Yahoo US
FF SelectedSearchEngine: Yahoo MSD
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-527237240-1708537768-682003330-406846: @citrixonline.com/appdetectorplugin -> C:\Users\weathere\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\weathere\AppData\Roaming\Mozilla\Firefox\Profiles\dcrbob34.default\searchplugins\yahoo-msd.xml
FF Extension: F5 Networks Host Plugin - C:\Users\weathere\AppData\Roaming\Mozilla\Firefox\Profiles\dcrbob34.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-09-12]
FF Extension: Search App - C:\Users\weathere\AppData\Roaming\Mozilla\Firefox\Profiles\dcrbob34.default\Extensions\{869eaa8e-27d4-4a31-bc79-773154814090}.xpi [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-02-14]

Chrome:
=======
CHR Profile: C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]
CHR Extension: (Google Drive) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]
CHR Extension: (F5 Networks Plugin Host) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2014-06-10]
CHR Extension: (YouTube) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-10]
CHR Extension: (Google Search) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]
CHR Extension: (Google Wallet) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-10]
CHR Extension: (Gmail) - C:\Users\weathere\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2011-10-19] (CrypKey (Canada) Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corp.)
R2 MSSQL$JAV; c:\Program Files\Microsoft SQL Server\MSSQL10_50.JAV\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 MSSQL$JAV2; c:\Program Files\Microsoft SQL Server\MSSQL10.JAV2\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3033496 2014-01-16] (Trend Micro Inc.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
S4 SQLAgent$JAV; c:\Program Files\Microsoft SQL Server\MSSQL10_50.JAV\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S4 SQLAgent$JAV2; c:\Program Files\Microsoft SQL Server\MSSQL10.JAV2\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5423888 2014-12-15] (TeamViewer GmbH)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [573488 2014-04-21] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3170232 2014-01-16] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S4 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 32054238; C:\Windows\System32\DRIVERS\32054238.sys [458336 2014-12-18] (Kaspersky Lab ZAO)
R0 38322754; C:\Windows\System32\DRIVERS\38322754.sys [458336 2014-12-18] (Kaspersky Lab ZAO)
R0 38497134; C:\Windows\System32\DRIVERS\38497134.sys [458336 2014-12-18] (Kaspersky Lab ZAO)
R0 42522677; C:\Windows\System32\DRIVERS\42522677.sys [458336 2014-12-18] (Kaspersky Lab ZAO)
R0 47654256; C:\Windows\System32\DRIVERS\47654256.sys [458336 2014-12-22] (Kaspersky Lab ZAO)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-05-24] (Broadcom Corporation.)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [30952 2014-04-09] (F5 Networks, Inc.)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation)
R3 ST_ACCEL; C:\Windows\system32\drivers\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [86936 2014-04-21] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [180160 2013-12-25] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [66896 2014-04-21] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [197432 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-12-07] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338232 2012-06-21] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-19] ()
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2013-12-11] (F5 Networks, Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 kptfjebm; \??\C:\Windows\system32\drivers\kptfjebm.sys [X]
S1 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\32054238.sys 795EC29BA21F1D948FD6FD740C00B599
C:\Windows\System32\DRIVERS\38322754.sys 795EC29BA21F1D948FD6FD740C00B599
C:\Windows\System32\DRIVERS\38497134.sys 795EC29BA21F1D948FD6FD740C00B599
C:\Windows\System32\DRIVERS\42522677.sys 795EC29BA21F1D948FD6FD740C00B599
C:\Windows\System32\DRIVERS\47654256.sys 795EC29BA21F1D948FD6FD740C00B599
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdkmpfd.sys 2D01D8CC6221A75EDB8CFABBBBA879DD
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\Apfiltr.sys D9E5CFDA45FA8A806E010DE13B17BE09
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\bcbtums.sys BC88D56376CCFAF08BE25E33A7046D1F
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 10:53 - 2014-12-01 10:53 - 00055685 _____ () C:\Users\weathere\Desktop\beam 1.4te

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 16:23 - 2014-03-03 15:38 - 00000544 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-527237240-1708537768-682003330-406846.job
2014-12-30 16:22 - 2014-02-11 15:58 - 01895119 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 16:19 - 2009-07-13 22:45 - 00029728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 16:19 - 2009-07-13 22:45 - 00029728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 16:14 - 2014-08-29 07:51 - 02849812 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-12-30 16:14 - 2012-02-29 04:58 - 02675816 _____ () C:\Windows\system32\TmInstall.log
2014-12-30 16:13 - 2009-07-13 23:13 - 01052606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 16:09 - 2012-09-28 08:48 - 00013907 _____ () C:\Windows\TMFilter.log
2014-12-30 16:08 - 2014-02-14 15:35 - 00060262 _____ () C:\Windows\errord.log
2014-12-30 16:08 - 2014-02-14 15:35 - 00046433 _____ () C:\Windows\error.log
2014-12-30 16:08 - 2010-11-21 00:20 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-30 16:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 16:08 - 2009-07-13 22:51 - 00062191 _____ () C:\Windows\setupact.log
2014-12-30 16:08 - 2009-07-13 22:45 - 00489000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-30 15:57 - 2012-02-29 01:36 - 01052606 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-30 15:48 - 2014-02-13 14:22 - 00139752 _____ () C:\Users\weathere\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 15:32 - 2014-09-22 08:35 - 00000000 ____D () C:\Users\weathere\AppData\Local\135108C0-6060-458C-A294-5BD6834707CC.aplzod
2014-12-30 15:17 - 2014-02-13 13:38 - 00000570 _____ () C:\Windows\SMSCFG.ini
2014-12-29 14:33 - 2014-02-14 15:40 - 00001680 _____ () C:\Windows\system32\esnecil.ind
2014-12-29 14:33 - 2014-02-14 15:40 - 00000004 _____ () C:\Windows\vx86036.dat
2014-12-26 23:17 - 2014-02-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-24 08:30 - 2014-02-13 15:37 - 00013969 _____ () C:\Windows\cfgall.ini
2014-12-24 08:30 - 2014-02-13 15:15 - 00003568 _____ () C:\Windows\system32\config\netlogon.ftl
2014-12-23 18:03 - 2010-11-20 21:47 - 00231722 _____ () C:\Windows\PFRO.log
2014-12-23 16:18 - 2014-02-18 12:27 - 00000000 ____D () C:\Users\weathere\AppData\Local\Precision_Estimating
2014-12-23 13:49 - 2014-02-11 15:59 - 00139752 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 11:46 - 2014-02-13 14:22 - 00000000 ____D () C:\Users\weathere\Tracing
2014-12-23 08:09 - 2012-02-29 05:03 - 00000000 ____D () C:\Windows\ccmsetup
2014-12-22 15:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2014-12-22 13:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 09:51 - 2014-02-11 14:27 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-22 09:50 - 2014-06-10 11:41 - 00000000 ____D () C:\Users\weathere\AppData\Local\Deployment
2014-12-22 09:49 - 2014-06-10 11:41 - 00000000 ____D () C:\Users\weathere\AppData\Local\Apps\2.0
2014-12-22 08:34 - 2014-03-03 15:38 - 00003572 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-527237240-1708537768-682003330-406846
2014-12-22 00:53 - 2014-02-13 15:07 - 00000000 ____D () C:\Users\weathere\Documents\QTD SIP Report
2014-12-20 16:06 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-12-20 15:58 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-20 15:56 - 2014-11-03 15:38 - 289869052 _____ () C:\Windows\MEMORY.DMP
2014-12-20 15:56 - 2014-11-03 15:38 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 15:53 - 2014-02-13 14:22 - 00000000 ____D () C:\Users\weathere
2014-12-19 15:27 - 2014-02-14 15:07 - 00000000 ____D () C:\Users\weathere\AppData\Local\HP
2014-12-19 13:17 - 2014-02-13 13:38 - 00000000 ____D () C:\ccmcache
2014-12-19 13:01 - 2009-07-13 20:34 - 00000500 _____ () C:\Windows\win.ini
2014-12-15 13:28 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-12 14:01 - 2014-02-13 15:14 - 00000000 ____D () C:\Users\weathere\Desktop\Estima V4 Jobs
2014-12-11 13:13 - 2014-02-13 15:56 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-12-04 10:01 - 2014-02-13 15:07 - 00000000 ____D () C:\Users\weathere\Documents\PDF's
2014-12-03 16:34 - 2014-02-13 15:07 - 00000000 ____D () C:\Users\weathere\Documents\Forte Files
2014-12-03 15:53 - 2014-02-13 15:05 - 00000000 ____D () C:\Users\weathere\Documents\Ernie
2014-12-01 18:03 - 2014-11-03 12:36 - 00000000 ____D () C:\Users\weathere\Documents\Company Car Mileage
2014-11-30 20:09 - 2014-02-13 15:09 - 00020480 _____ () C:\Users\weathere\Desktop\JOB NUMBERSPS.xls
2014-11-30 16:56 - 2014-02-13 15:05 - 00000000 ____D () C:\Users\weathere\Documents\Builder Agreement

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-22 13:39

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by WeatherE at 2014-12-30 16:25:15
Running from C:\Users\weathere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLD73M5V
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
FW: Trend Micro Personal Firewall (Enabled) {49A8346C-6900-54B6-B1B3-5F678736DDE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{7C548501-3501-468A-A443-CC42F5B3626B}) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\{F1410A0A-8205-4D45-BF2B-9C7ACB2F4B24}) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2014.0409.2153 - F5 Networks, Inc.)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7974.0 - Microsoft)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Dell System Detect (HKU\.DEFAULT\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell System Detect (HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.124 - ALPS ELECTRIC CO., LTD.)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Estima (HKLM\...\{A4550674-ADB7-44B6-BB71-58CF101155F4}_is1) (Version:  - Precision Estimating Inc.)
FileNet IDM Web Controls 3.3 (HKLM-x32\...\IDMControls) (Version:  - )
Forefront Identity Manager Add-ins and Extensions (HKLM\...\{663BEDE2-5DFB-422C-B2D9-A9D00FF95114}) (Version: 4.1.3114.0 - Microsoft Corporation)
Forte (HKLM-x32\...\{65AA17B7-1774-4D83-8462-9DF51F94E4C5}) (Version: 4.6.0 - Weyerhaeuser)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-527237240-1708537768-682003330-406846\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
HP Designjet 800 Printer Series (HKLM-x32\...\HP Designjet 800 Printer Series) (Version:  - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Web Registration (HKLM-x32\...\{07E79F52-1D78-4081-814E-BF093FF7A1BF}) (Version: 1.0.0.0 - Hewlett Packard, Co.)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Javelin (HKLM-x32\...\{0F1E09C3-0424-47FC-9F68-7F1A7C908358}) (Version: 5.1.1.1000 - Weyerhaeuser)
Javelin JAV (HKLM\...\{0F1E09C3-0424-47FC-9F68-7F1A7C908358}) (Version: 5.1.1 - )
Junk E-mail Reporting Tool (HKLM-x32\...\{B72B06E0-0C54-495F-896F-E3ED2905624D}) (Version: 8.0.681 - Microsoft Corporation)
Macromedia Authorware Web Player (HKLM-x32\...\Macromedia Authorware Web Player) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM-x32\...\{987CAEDE-EB67-4D5A-B0C0-AE0640A17B5F}) (Version: 8.0.6362.191 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{BCC7E198-1D10-4B55-956E-550A196F8056}) (Version: 8.0.6362.190 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Viewer 2007 (HKLM-x32\...\{95120000-0052-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Get Started Tab (HKLM-x32\...\{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}) (Version: 12.0.0 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Modus License Manager (HKLM-x32\...\{F533EEA7-6904-43FF-BA7D-EDD666A950F2}) (Version: 1.1.0.26 - Weyerhaeuser)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.44 - O2Micro International LTD.) Hidden
ObjectDBX (HKLM-x32\...\{DD762739-29D8-490F-A2F6-1694755722FD}) (Version: 1.00.0000 - AutoDesk)
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
PDFlite 0.11.2.0 (HKLM-x32\...\PDFlite) (Version: 0.11.2.0 - Amnis Technology Ltd)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1801.0 - Seagate)
Seavus Project Viewer 4.0.0 Corporate Edition (HKLM-x32\...\{EC852FE4-9F93-4152-ADB8-916623FB45AA}) (Version: 4.0.0 - Seavus)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SlimDX Redistributable (August 2009) (HKLM-x32\...\{94C1A41C-2A2D-4AF0-858E-924288245621}) (Version: 2.0.8.42 - SlimDX Group)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
TeamViewer 10 Host (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Trend Micro OfficeScan Client (HKLM-x32\...\OfficeScanNT) (Version: 10.6.3205 - Trend Micro)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Wey_Reg_Update_EN1 (64 Bit) (HKLM\...\{BF7D21F0-148A-4ABF-B248-2402D22CD0B9}) (Version: 1.00.0000 - HP)
Weyerhaeuser Design Engine 6.0.0 (HKLM-x32\...\{6FA60EA7-C211-429E-9819-7D77C0E64391}) (Version: 6.0.0 - Weyerhaeuser)
Weyerhaeuser Design Engine 6.1.1 (HKLM-x32\...\{607B7B4D-1F1C-488B-B094-6D506FD869BD}) (Version: 6.1.1.5 - Weyerhaeuser)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
XImage (HKLM-x32\...\{F998B3B6-B961-4060-9375-9B9961030C93}) (Version: 7.1.6 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-527237240-1708537768-682003330-406846_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-527237240-1708537768-682003330-406846_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-527237240-1708537768-682003330-406846_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe (Autodesk, Inc.)

==================== Restore Points  =========================

22-12-2014 14:44:00 DDU System Restored Point
22-12-2014 14:45:31 DDU System Restored Point
22-12-2014 15:07:58 DDU System Restored Point
22-12-2014 16:07:01 Corey - Dec 22nd
23-12-2014 10:33:15 Corey Dec 23rd
23-12-2014 16:16:51 Removed Windows Resource Kit Tools - SubInAcl.exe
30-12-2014 15:36:28 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-23 13:04 - 2014-12-24 09:32 - 00000025 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06083D8A-BF0E-48D7-B609-50DBCD40931F} - System32\Tasks\{B53BF8C5-A889-454D-AB4A-C1D512CFB498} => pcalua.exe -a "C:\Temp\Trend_10.6 GUID Repair\ImgSetup.exe" -d C:\Users\weathere\Desktop
Task: {11D5E620-58D9-467D-91A9-65D0C91C528B} - System32\Tasks\G2MUpdateTask-S-1-5-21-527237240-1708537768-682003330-406846 => C:\Program Files (x86)\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4E483B6F-76DF-44E5-9522-34050AC8EC88} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6628955D-510E-41F8-83F8-7DD29CB8CF8B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {6744B432-F45B-4F54-AEF3-0549901AE28B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {86D880C0-D4BE-4D33-8835-874A7474B035} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {9B9B651A-4EEE-432B-844B-CFACA1512441} - System32\Tasks\{271E0F23-7C26-49F8-8A39-62344BAF2B18} => pcalua.exe -a "C:\Users\weathere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXFJ045X\win64_152822.exe" -d C:\Users\weathere\Desktop
Task: {9ED00978-16D8-47C8-8945-E64299F14FDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A92ECD98-6C14-4913-80A9-49F2D81EC9F7} - System32\Tasks\WeatherE DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {B664E23F-656A-4F14-BC6C-13DD59E9C944} - \Search-Protect No Task File <==== ATTENTION
Task: {D198AEB1-297A-4B10-88C4-8D1C5517EC9A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {D2B2B4FC-B98E-4E9C-B57C-A7D7E31107FA} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA7GLL9G Product Registration (WeatherE) => C:\Users\weathere\AppData\Roaming\Leadertech\PowerRegister\Seagate NA7GLL9G Product Registration.exe [2014-12-21] (Leader Technologies/Seagate)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-527237240-1708537768-682003330-406846.job => C:\Program Files (x86)\Citrix\GoToMeeting\2130\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-03 13:57 - 2013-08-26 06:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-08-28 09:00 - 2011-04-01 14:16 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2007-05-16 12:42 - 2007-05-16 12:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2014-02-11 14:26 - 2003-04-18 06:36 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SecurityCenterServer1106302851 => 2
MSCONFIG\Services: SecurityCenterServer145289543 => 2
MSCONFIG\Services: SecurityCenterServer1832421798 => 2
MSCONFIG\Services: SecurityCenterServer1938603624 => 2
MSCONFIG\Services: SecurityCenterServer2336802626 => 2
MSCONFIG\Services: SecurityCenterServer2655143048 => 2
MSCONFIG\Services: SecurityCenterServer2984744756 => 2
MSCONFIG\Services: SecurityCenterServer3087585242 => 2
MSCONFIG\Services: SecurityCenterServer3319609078 => 2
MSCONFIG\Services: SecurityCenterServer34648708 => 2
MSCONFIG\Services: SecurityCenterServer388578941 => 2
MSCONFIG\Services: SecurityCenterServer4149760764 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akizosfeanaqevn => C:\Users\weathere\AppData\Roaming\Yshyuvh\ywohav.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Ehnetiogorokc => C:\Users\weathere\AppData\Roaming\Ciadmey\loepu.exe
MSCONFIG\startupreg: Ekviyf => "C:\Users\weathere\AppData\Roaming\Tuledygu\bootoz.exe"
MSCONFIG\startupreg: Heuriqovsofuy => "C:\Users\weathere\AppData\Roaming\Icwani\sageob.exe"
MSCONFIG\startupreg: Hiuropimugom => "C:\Users\weathere\AppData\Roaming\Yxvesy\qigaiqk.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Imlilaepa => "C:\Users\weathere\AppData\Roaming\Reakul\lotup.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: OfficeScanNT Monitor => "C:\Program Files (x86)\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
MSCONFIG\startupreg: Ohvoexikg => "C:\Users\weathere\AppData\Roaming\Kiawtood\moneryz.exe"
MSCONFIG\startupreg: Onlauwm => "C:\Users\weathere\AppData\Roaming\Soatyzl\itacqa.exe"
MSCONFIG\startupreg: Osuwopigboecna => "C:\Users\weathere\AppData\Roaming\Hydookfa\ohixt.exe"
MSCONFIG\startupreg: Pafaofe => "C:\Users\weathere\AppData\Roaming\Ygbiqu\mueni.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Seutce => C:\Users\weathere\AppData\Roaming\Pisikay\bolah.exe
MSCONFIG\startupreg: Sieqah => "C:\Users\weathere\AppData\Roaming\Ytozfoso\meudv.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Ykahyxxeoxyhazo => "C:\Users\weathere\AppData\Roaming\Syihqyv\pyleo.exe"

========================= Accounts: ==========================

%Prineville!!! (S-1-5-21-3852123465-4035860073-2269387134-501 - Limited - Disabled)
WYAdmin (S-1-5-21-3852123465-4035860073-2269387134-500 - Administrator - Enabled) => C:\Users\Administrator

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 04:16:38 PM) (Source: NVMUP) (EventID: 4) (User: )
Description: Update Update Failed

Package Display.Driver

Log file: C:\Windows\nvmup\updatepackage\log\nvmup.log

Exit Code = 1603 (Error)

Error: (12/30/2014 04:09:11 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/30/2014 04:09:11 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/30/2014 03:58:22 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.JAV\MSSQL\BINN\XEPKG0.MOF

Error: (12/30/2014 03:58:22 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.JAV\MSSQL\BINN\XESOSPKG.MOF

Error: (12/30/2014 03:58:22 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.JAV\MSSQL\BINN\XESQLPKG.MOF

Error: (12/30/2014 03:58:22 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004100aC:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\100\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (12/30/2014 03:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 02:30:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 00:46:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/30/2014 04:19:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/30/2014 04:12:21 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (12/30/2014 04:10:38 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CORP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/30/2014 04:09:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/30/2014 04:09:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
%%1792

Error: (12/30/2014 04:09:13 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT AUTHORITY)
Description: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

Error: (12/30/2014 04:09:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mbamchameleon

Error: (12/30/2014 04:08:40 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (12/30/2014 04:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The OfficeScan NT Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error:
%%2

Error: (12/30/2014 04:07:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-20 15:52:55.703
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-20 15:52:55.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 20%
Total physical RAM: 12229.51 MB
Available physical RAM: 9765.19 MB
Total Pagefile: 24457.2 MB
Available Pagefile: 21739.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:465.47 GB) (Free:379.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10CE05D2)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Trend Micro OfficeScan Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 33 
 Java version 32-bit out of Date!
  Adobe Flash Player 15.0.0.239 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
 Google Chrome 35.0.1916.153 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 Trend Micro OfficeScan Client pccntmon.exe
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
 Trend Micro OfficeScan Client ntrtscan.exe 
 Trend Micro OfficeScan Client tmlisten.exe 
 Trend Micro OfficeScan Client CNTAoSMgr.exe 
 Trend Micro BM TMBMSRV.exe 
 Trend Micro OfficeScan Client TmPfw.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


Edited by hamluis, 30 December 2014 - 06:40 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 04 January 2015 - 05:26 PM

Greetings Ilymar and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I see you have done quite a bit to the computer already but it is still in a troubled state.

Please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM Group Policy restriction on software: limewire*.* <====== ATTENTION
HKLM Group Policy restriction on software: Winamp*.* <====== ATTENTION
HKLM Group Policy restriction on software: Skype*.* <====== ATTENTION
HKLM Group Policy restriction on software: desktopweather*.* <====== ATTENTION
HKLM Group Policy restriction on software: GoogleWebAccelerator*.* <====== ATTENTION
HKLM Group Policy restriction on software: spybot*.* <====== ATTENTION
HKLM Group Policy restriction on software: GoogleDesktop*.* <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: D:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Navnt <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\program files\Trend Micro <====== ATTENTION
Winlogon\Notify\hgnlyrs-x32:  [X]
Winlogon\Notify\pbhvoes-x32:  [X]
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => "c:\Windows\SysWOW64\nvinit.dll" File Not Found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-1708537768-682003330-406846\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 kptfjebm; \??\C:\Windows\system32\drivers\kptfjebm.sys [X]
S1 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]
2014-12-19 08:57 - 2014-10-24 10:57 - 00508486 _____ () C:\Windows\SysWOW64\uncoogesm.exe
2014-12-19 08:57 - 2014-08-24 09:32 - 00508486 _____ () C:\Windows\SysWOW64\dupas.exe
2014-12-19 08:57 - 2014-06-02 12:57 - 00508486 _____ () C:\Windows\SysWOW64\epfixi.exe
2014-12-19 08:57 - 2014-05-31 16:18 - 00508486 _____ () C:\Windows\SysWOW64\nazyudysul.exe
2014-12-15 09:52 - 2014-12-15 09:54 - 00000000 ____D () C:\ProgramData\meoht
2014-12-15 09:49 - 2014-12-19 15:27 - 00000000 ____D () C:\ProgramData\IayaMmonq
Task: {B664E23F-656A-4F14-BC6C-13DD59E9C944} - \Search-Protect No Task File <==== ATTENTION
Folder C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
cmd: regedit /e "%userprofile%\desktop\msconfig.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • In addition, another file called msconfig.txt will be created on your desktop. Please attach that file to your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached msconfig.txt file
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"
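The fixlist above targets a recognisable pattern in the FRST log: run-key entries whose executables live in randomly named folders under the user-writable AppData\Roaming directory, plus driver and AppInit_DLLs entries whose backing file no longer exists. The following script is an added triage example, not part of the helper's instructions and not code from the FRST tool; it runs the same heuristics over constructed sample lines written in FRST's output format so that a reader can see how such entries are picked out mechanically. The sample entries, the category names and the `triage`/`extract_exe`/`summarize` functions are all assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample lines in the format FRST uses for MSCONFIG startup entries,
# AppInit_DLLs and driver services. These are made up for this example and do not
# come from a real machine (the entry names are deliberately random-looking).
SAMPLE_LOG = r"""
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Qzxwvubo => C:\Users\alice\AppData\Roaming\Hfjwke\rtqpol.exe
MSCONFIG\startupreg: Ekvplof => "C:\Users\alice\AppData\Roaming\Tuzwqy\bmkrtz.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-x32: c:\Windows\SysWOW64\example.dll => "c:\Windows\SysWOW64\example.dll" File Not Found
S1 kqzrtpwv; \??\C:\Windows\system32\drivers\kqzrtpwv.sys [X]
S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]
"""

# Line shapes as FRST prints them (startup entry, driver with missing file "[X]",
# AppInit_DLLs whose DLL is missing).
STARTUP_RE = re.compile(r'^MSCONFIG\\startupreg: (?P<name>[^=]+?) => (?P<cmd>.+)$')
DRIVER_RE = re.compile(r'^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$')
APPINIT_RE = re.compile(r'^AppInit_DLLs(?:-x32)?: (?P<path>.+?) => .*File Not Found$')

# Locations a standard user can write to; persistence from here deserves a look.
USER_WRITABLE = re.compile(r'\\AppData\\(Roaming|Local\\Temp)\\', re.IGNORECASE)


@dataclass
class Finding:
    category: str
    name: str
    path: str


def extract_exe(cmd: str) -> str:
    """Return the executable path from a run-key command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token instead.
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Flag autostart entries in user-writable folders and entries whose file is gone."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            exe = extract_exe(m.group('cmd'))
            if USER_WRITABLE.search(exe):
                findings.append(Finding('autostart-from-user-writable-dir',
                                        m.group('name').strip(), exe))
            continue
        m = DRIVER_RE.match(line)
        if m:
            # "[X]" means the driver file is missing: an orphaned entry, not a verdict.
            findings.append(Finding('driver-file-missing', m.group('name'), m.group('path')))
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append(Finding('appinit-dll-missing', 'AppInit_DLLs', m.group('path')))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.category:36} {f.name:16} {f.path}')
    print(summarize(triage(SAMPLE_LOG)))
```

Read the output as a triage list rather than a verdict: entries flagged as `driver-file-missing` include leftovers of legitimate tools (the log above shows ComboFix's catchme.sys and Malwarebytes' mbamchameleon.sys in that state), and some legitimate software does run from AppData, so each hit still needs a look at the file's publisher, signature and install history before it is removed.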

#3 Ilymar

Ilymar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:14 AM

Posted 07 January 2015 - 09:24 AM

Hi Gary!

 

I appreciate the reply and I apologize that I have not been able to check back on this for several days now.

 

Interestingly enough I had fixed the issue by re-registering the Windows Installer service.

 

I'll post the logs as soon as possible; the PC in question is a friend's, so I will see if I can get the necessary information tonight after work.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 07 January 2015 - 11:37 AM

Thanks for the update. I will await your reply.
Gary
 

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 10 January 2015 - 11:03 AM

Greetings,

Are you able to provide update information?
Gary
 

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 12 January 2015 - 09:15 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 15 January 2015 - 10:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 