Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
dllhost.exe com surrogate taking over the machine
Message
<blockquote data-quote="Loudanew" data-source="post: 293824" data-attributes="member: 30106"><p>OK, round 2! </p><p></p><p>mbar log:</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.08.0.1001</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version: v2014.11.06.09</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 11.0.9600.17358</p><p>SYS ADMIN :: A3DESKTOP [administrator]</p><p></p><p>11/6/2014 4:49:51 PM</p><p>mbar-log-2014-11-06 (16-49-51).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled:</p><p>Objects scanned: 704569</p><p>Time elapsed: 45 minute(s), 56 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 1</p><p>HKU\S-1-5-21-2044468799-2263312576-519008094-1003_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [b1e0db5d8cf094a2b3af23df5aa63cc4]</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p>mbar system log</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.0.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17358</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.194000 GHz</p><p>Memory total: 4255223808, free: 2836979712</p><p></p><p>Downloaded database version: v2014.11.06.09</p><p>Downloaded database version: v2014.11.01.02</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 11/06/2014 16:49:30</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\system32\drivers\gfibto.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\disk.sys</p><p>\SystemRoot\system32\DRIVERS\CLASSPNP.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\system32\drivers\ws2ifsl.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd64.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\drivers\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\athrx.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\drivers\ohci1394.sys</p><p>\SystemRoot\system32\drivers\1394BUS.SYS</p><p>\SystemRoot\system32\DRIVERS\o2sdgx64.sys</p><p>\SystemRoot\system32\DRIVERS\SCSIPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\o2mdgx64.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\drivers\ks.sys</p><p>\SystemRoot\system32\DRIVERS\circlass.sys</p><p>\SystemRoot\system32\drivers\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\RTKVHD64.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\IntcHdmi.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_msahci.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32\Drivers\VMC412.sys</p><p>\SystemRoot\system32\drivers\usbaudio.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\dc3d.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\system32\DRIVERS\point64.sys</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\DRIVERS\vwifimp.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\btusbflt.sys</p><p>\SystemRoot\System32\Drivers\BTHUSB.sys</p><p>\SystemRoot\System32\Drivers\bthport.sys</p><p>\SystemRoot\system32\DRIVERS\rfcomm.sys</p><p>\SystemRoot\system32\drivers\BthEnum.sys</p><p>\SystemRoot\system32\DRIVERS\bthpan.sys</p><p>\SystemRoot\system32\DRIVERS\hidbth.sys</p><p>\SystemRoot\system32\DRIVERS\btwavdt.sys</p><p>\SystemRoot\system32\drivers\btwaudio.sys</p><p>\SystemRoot\system32\DRIVERS\btwl2cap.sys</p><p>\SystemRoot\system32\DRIVERS\btwrchid.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\userenv.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>\Windows\System32\profapi.dll</p><p>\Windows\System32\msasn1.dll</p><p>\Windows\SysWOW64\normaliz.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8004c06170</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xfffffa80046c6680</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8004c06170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8004c07b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8004c06170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80046ca520, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xfffffa80046c6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 6242881B</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 572352512</p><p></p><p> Partition 2 type is Other (0x12)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 572559360 Numsec = 52583088</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 320072933376 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Infected: HKU\S-1-5-21-2044468799-2263312576-519008094-1003_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks]</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal successful. No system shutdown is required.</p><p>=======================================</p><p></p><p>FRST.txt</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014</p><p>Ran by SYS ADMIN (administrator) on A3DESKTOP on 06-11-2014 21:32:02</p><p>Running from C:\Users\SYS ADMIN\Downloads</p><p>Loaded Profile: SYS ADMIN (Available profiles: LOUIS & BARBARA & SYS ADMIN)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe</p><p>(Pro Softnet Corporation) C:\IDrive\IDriveE Service.exe</p><p>() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe</p><p>(O2Micro International) C:\Windows\System32\drivers\o2flash.exe</p><p>(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>() C:\Program Files\Lenovo\Lenovo LVT Detect Program\ChangeKeyDefine.exe</p><p>(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe</p><p>( ) C:\IDrive\IDrivePlugin.exe</p><p>(SanDisk Corporation) C:\Users\SYS ADMIN\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe</p><p>(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe</p><p>(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe</p><p>(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe</p><p>() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe</p><p>(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe</p><p>(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe</p><p>(Microsoft Corporation) C:\Windows\System32\prevhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)</p><p>HKLM\...\Run: [ChangeKeyDefine] => C:\Program Files\Lenovo\Lenovo LVT Detect Program\ChangeKeyDefine.exe [3686912 2009-11-09] ()</p><p>HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.)</p><p>HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()</p><p>HKLM-x32\...\Run: [SetDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-07-25] (Lenovo)</p><p>HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)</p><p>HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)</p><p>HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)</p><p>HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)</p><p>HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)</p><p>HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)</p><p>HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)</p><p>HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [SansaDispatch] => C:\Users\SYS ADMIN\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-04-18] (SanDisk Corporation)</p><p>HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk</p><p>ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk</p><p>ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk</p><p>ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)</p><p>Startup: C:\Users\BARBARA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</p><p>ShortcutTarget: Dropbox.lnk -> C:\Users\SYS ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)</p><p>Startup: C:\Users\SYS ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk</p><p>ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)</p><p>ShellIconOverlayIdentifiers: [AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll ()</p><p>ShellIconOverlayIdentifiers: [AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll ()</p><p>ShellIconOverlayIdentifiers: [AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll ()</p><p>ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BARBARA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)</p><p>BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)</p><p>Toolbar: HKLM-x32 - FindWide Toolbar - {7F613374-CE10-4C6D-8C29-B21E167E67B5} - C:\Program Files (x86)\TNT2\Profiles\10885\passport.dll No File</p><p>Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File</p><p>Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File</p><p>Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File</p><p>Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File</p><p>DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <a href="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab" target="_blank">http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab</a></p><p>Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)</p><p>Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File</p><p>Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File</p><p>Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File</p><p>Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\SYS ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\8zptc1uh.default</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()</p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()</p><p>FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)</p><p>FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)</p><p>FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)</p><p>FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-10-30]</p><p></p><p>Chrome:</p><p>=======</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems) [File not signed]</p><p>R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]</p><p>R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [899360 2010-04-14] (Broadcom Corporation.)</p><p>R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-07] (Macrovision Europe Ltd.) [File not signed]</p><p>R2 IDriveE Service; C:\IDrive\IDriveE Service.exe [157128 2011-06-24] (Pro Softnet Corporation)</p><p>R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)</p><p>S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [19496 2008-01-18] (MCCI Corporation)</p><p>S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [146472 2008-01-18] (MCCI Corporation)</p><p>S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)</p><p>S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [125480 2008-01-18] (MCCI Corporation)</p><p>U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)</p><p>S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1383680 2009-07-15] (ATI Technologies Inc.)</p><p>S3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1504256 2009-11-27] (AVerMedia TECHNOLOGIES, Inc.)</p><p>R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software)</p><p>R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [131800 2014-11-06] (Malwarebytes Corporation)</p><p>S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1648256 2009-10-16] (NXP Semiconductors Germany GmbH)</p><p>R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )</p><p>S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)</p><p>R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [251648 2011-09-02] (Vimicro Corporation)</p><p>S3 catchme; \??\C:\ComboFix\catchme.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-06 16:49 - 2014-11-06 21:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2014-11-06 16:47 - 2014-11-06 21:21 - 00000000 ____D () C:\Users\SYS ADMIN\Desktop\mbar</p><p>2014-11-06 16:47 - 2014-11-06 16:47 - 14439144 _____ (Malwarebytes Corp.) C:\Users\SYS ADMIN\Downloads\mbar-1.08.0.1001.exe</p><p>2014-11-06 11:25 - 2014-11-06 11:25 - 06808360 _____ (ParetoLogic, Inc.) C:\Users\LOUIS\Downloads\RegCureProSetup_e459c33_.exe</p><p>2014-11-05 16:08 - 2014-11-05 16:08 - 00001068 _____ () C:\Users\SYS ADMIN\Downloads\Malwarebytes.txt</p><p>2014-11-03 12:49 - 2014-11-03 12:49 - 00025354 _____ () C:\ComboFix.txt</p><p>2014-11-03 12:12 - 2014-11-03 12:12 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\SYS ADMIN\Downloads\tdsskiller.exe</p><p>2014-11-03 10:59 - 2014-11-05 15:03 - 00000000 ____D () C:\AdwCleaner</p><p>2014-11-03 10:48 - 2014-11-03 16:49 - 00039480 _____ () C:\Users\SYS ADMIN\Downloads\Addition.txt</p><p>2014-11-03 10:47 - 2014-11-06 21:32 - 00018157 _____ () C:\Users\SYS ADMIN\Downloads\FRST.txt</p><p>2014-11-03 10:46 - 2014-11-06 21:32 - 00000000 ____D () C:\FRST</p><p>2014-11-03 10:45 - 2014-11-03 10:45 - 01375089 _____ () C:\Users\SYS ADMIN\Downloads\AdwCleaner.exe</p><p>2014-11-03 10:44 - 2014-11-03 10:44 - 02114560 _____ (Farbar) C:\Users\SYS ADMIN\Downloads\FRST64.exe</p><p>2014-11-02 15:22 - 2014-11-03 12:49 - 00000000 ____D () C:\Qoobox</p><p>2014-11-02 15:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe</p><p>2014-11-02 15:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe</p><p>2014-11-02 15:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe</p><p>2014-11-02 15:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe</p><p>2014-11-02 15:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe</p><p>2014-11-02 15:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe</p><p>2014-11-02 15:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe</p><p>2014-11-02 15:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe</p><p>2014-11-02 15:21 - 2014-11-02 15:21 - 05591672 ____R (Swearware) C:\Users\SYS ADMIN\Downloads\ComboFix.exe</p><p>2014-11-02 09:54 - 2014-11-02 09:55 - 00001130 _____ () C:\DelFix.txt</p><p>2014-11-02 09:06 - 2014-11-02 09:41 - 00000000 ____D () C:\Windows\erdnt</p><p>2014-10-30 10:51 - 2014-10-30 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-10-30 09:30 - 2014-10-30 09:30 - 01055936 _____ (Adobe) C:\Users\LOUIS\Downloads\install_flashplayer15x32axau_mssd_aaa_aih.exe</p><p>2014-10-29 14:18 - 2014-10-30 16:21 - 00000000 ____D () C:\ProgramData\WatseLzayd</p><p>2014-10-28 14:25 - 2014-10-28 14:25 - 00000000 ____D () C:\Users\LOUIS\Documents\Updater5</p><p>2014-10-28 14:24 - 2014-10-28 14:24 - 01710787 _____ () C:\Users\LOUIS\Downloads\readpdfmessage</p><p>2014-10-16 07:34 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-10-16 07:34 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll</p><p>2014-10-16 07:34 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll</p><p>2014-10-16 07:34 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll</p><p>2014-10-16 07:34 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll</p><p>2014-10-16 07:34 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll</p><p>2014-10-16 07:34 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll</p><p>2014-10-16 07:34 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll</p><p>2014-10-16 07:33 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-10-16 07:33 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p>2014-10-16 07:33 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-10-16 07:33 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-10-16 07:33 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-10-16 07:33 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-10-16 07:33 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-10-16 07:33 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-10-16 07:33 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-10-16 07:33 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-10-16 07:33 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-10-16 07:33 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-10-16 07:33 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-10-16 07:33 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-10-16 07:33 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-10-16 07:33 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-10-16 07:33 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-10-16 07:33 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2014-10-16 07:33 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-10-16 07:33 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-10-16 07:33 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2014-10-16 07:33 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-10-16 07:33 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-10-16 07:33 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-10-16 07:33 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-10-16 07:33 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2014-10-16 07:33 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll</p><p>2014-10-16 07:33 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll</p><p>2014-10-16 07:33 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll</p><p>2014-10-16 07:33 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll</p><p>2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL</p><p>2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL</p><p>2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL</p><p>2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL</p><p>2014-10-16 07:33 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL</p><p>2014-10-16 07:33 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL</p><p>2014-10-16 07:33 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL</p><p>2014-10-16 07:33 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL</p><p>2014-10-16 07:33 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL</p><p>2014-10-16 07:33 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL</p><p>2014-10-16 07:33 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls</p><p>2014-10-16 07:33 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls</p><p>2014-10-16 07:32 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll</p><p>2014-10-16 07:32 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll</p><p>2014-10-16 07:32 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll</p><p>2014-10-16 07:32 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe</p><p>2014-10-16 07:32 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll</p><p>2014-10-16 07:32 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll</p><p>2014-10-16 07:32 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2014-10-16 07:32 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2014-10-16 07:32 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll</p><p>2014-10-16 07:32 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2014-10-16 07:32 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll</p><p>2014-10-16 07:32 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys</p><p>2014-10-16 07:32 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys</p><p>2014-10-16 07:31 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll</p><p>2014-10-16 07:31 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll</p><p>2014-10-16 07:18 - 2014-10-16 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft</p><p>2014-10-16 07:17 - 2014-10-16 07:17 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft</p><p>2014-10-16 07:15 - 2014-10-16 07:16 - 01753736 _____ () C:\Users\LOUIS\Downloads\Adaware_Installer.exe</p><p>2014-10-13 10:14 - 2014-10-13 10:14 - 00001566 _____ () C:\Users\LOUIS\Desktop\Harding Membership List-2013-11-23 - Shortcut.lnk</p><p>2014-10-10 09:33 - 2014-10-10 09:33 - 00013824 _____ () C:\Users\LOUIS\Downloads\Romeos10Oct2014.xls</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-06 21:28 - 2010-03-04 13:44 - 01482657 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-06 21:28 - 2009-07-14 00:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-11-06 21:27 - 2010-11-30 21:53 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D702A1D-61BF-46CE-80CF-3B7028E8D165}</p><p>2014-11-06 21:24 - 2013-03-09 15:13 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection</p><p>2014-11-06 21:24 - 2010-12-24 23:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-11-06 21:23 - 2013-04-25 21:15 - 00045872 _____ () C:\Windows\setupact.log</p><p>2014-11-06 21:23 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-11-06 21:20 - 2014-06-20 13:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-11-06 21:20 - 2010-12-24 23:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-11-06 16:49 - 2014-10-02 16:37 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-11-06 16:48 - 2014-10-02 16:37 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-11-06 10:50 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-06 10:50 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-06 10:49 - 2010-12-12 21:14 - 00000000 ____D () C:\Users\LOUIS\AppData\Local\Adobe</p><p>2014-11-06 10:45 - 2010-12-04 17:45 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5D2A1F0-EF22-4EC1-A707-7908A3811D72}</p><p>2014-11-05 16:37 - 2012-11-05 12:57 - 00000000 ___RD () C:\Users\BARBARA\Dropbox</p><p>2014-11-05 16:15 - 2012-11-05 12:51 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Dropbox</p><p>2014-11-05 14:59 - 2013-09-18 17:12 - 00384268 _____ () C:\Windows\PFRO.log</p><p>2014-11-03 19:40 - 2010-03-04 14:06 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-11-03 19:17 - 2014-04-19 18:45 - 00044651 _____ () C:\Users\LOUIS\Documents\Walkway Vol Hub hours.xlsx</p><p>2014-11-03 13:30 - 2010-03-04 14:14 - 00799604 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-11-03 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini</p><p>2014-11-02 09:43 - 2014-07-15 07:32 - 00000000 ____D () C:\Users\TEMP.A3DESKTOP.007</p><p>2014-11-02 09:43 - 2012-09-27 08:23 - 00000000 ____D () C:\Users\TEMP.A3DESKTOP.003</p><p>2014-10-31 15:56 - 2010-12-23 22:01 - 00000000 ____D () C:\Users\LOUIS\AppData\Local\CutePDF Writer</p><p>2014-10-30 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization</p><p>2014-10-30 14:33 - 2014-10-02 16:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-10-30 14:33 - 2014-10-02 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-10-30 14:33 - 2014-10-02 16:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-10-30 14:02 - 2012-06-25 14:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-10-25 11:01 - 2011-07-30 15:00 - 00000000 ____D () C:\IDrive</p><p>2014-10-24 10:02 - 2010-12-24 23:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-10-24 10:02 - 2010-12-24 23:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-10-22 11:33 - 2014-09-11 10:33 - 00000000 ____D () C:\Users\SYS ADMIN\AppData\Local\Adobe</p><p>2014-10-22 10:44 - 2014-06-20 13:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2014-10-22 10:44 - 2014-05-08 13:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-10-22 10:44 - 2014-05-08 13:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-10-21 13:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-10-21 11:16 - 2009-07-13 23:45 - 00418312 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-10-21 11:12 - 2014-05-06 19:30 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-10-16 16:06 - 2013-09-01 19:24 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-10-16 16:00 - 2010-12-16 19:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-10-16 14:50 - 2014-05-06 14:38 - 00000000 ____D () C:\Program Files\Used to be RrFilter</p><p>2014-10-16 14:50 - 2010-03-04 13:44 - 00000000 ____D () C:\temp</p><p>2014-10-13 10:11 - 2011-02-26 16:01 - 00000000 ____D () C:\Users\BARBARA\Documents\Miles of Hope</p><p>2014-10-10 09:35 - 2010-12-06 13:45 - 00000000 ____D () C:\My Work Files</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\BARBARA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxscssx.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-11-05 10:42</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Addition.txt</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014</p><p>Ran by SYS ADMIN at 2014-11-06 21:32:37</p><p>Running from C:\Users\SYS ADMIN\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p> Sansa Media Converter (HKLM-x32\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - )</p><p>Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)</p><p>AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden</p><p>AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden</p><p>Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)</p><p>Adobe Creative Cloud Connection (HKLM-x32\...\{893B3B44-0A1E-404B-8FE8-0A74509102A9}) (Version: 1.0.223.0 - Adobe Systems Incorporated)</p><p>Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )</p><p>Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)</p><p>Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)</p><p>Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)</p><p>Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)</p><p>AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden</p><p>Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)</p><p>AVerMedia A328 Mini-Card Hybrid TV Tuner 2.2.64.33 (HKLM-x32\...\AVerMedia A328 Mini-Card Hybrid TV Tuner) (Version: 2.2.64.33 - AVerMedia TECHNOLOGIES, Inc.)</p><p>AVerMedia MiniCard Hybrid TV 1.3.64.80 (HKLM-x32\...\AVerMedia MiniCard Hybrid TV) (Version: 1.3.64.80 - AVerMedia TECHNOLOGIES, Inc.)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Box Edit (HKLM-x32\...\{D741BBF7-6A40-41D5-8F18-FCC2A3BBBDD3}) (Version: 2.0.15.240 - Box)</p><p>Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )</p><p>CamSuite (HKLM-x32\...\{D1504C77-1B19-4AF0-8DEC-946666123B55}) (Version: 3.0.3604.1 - Lenovo)</p><p>Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )</p><p>Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - )</p><p>Canon MP490 series User Registration (HKLM-x32\...\Canon MP490 series User Registration) (Version: - )</p><p>Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )</p><p>Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )</p><p>Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)</p><p>CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)</p><p>FLV Player (HKLM-x32\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software)</p><p>Freecorder (HKLM-x32\...\Freecorder4.1) (Version: 4.1 - Applian Technologies Inc.)</p><p>Freecorder 7 Applications (7.0.0.48) (HKLM-x32\...\Freecorder 7 Applications) (Version: 7.0.0.48 - Applian Technologies)</p><p>Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )</p><p>Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden</p><p>Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)</p><p>Hybrid TV (HKLM\...\{CF29845C-705E-4450-A3FF-1D4754455AB9}) (Version: 6.14.10373 - Lenovo)</p><p>iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)</p><p>IDrive version 3.4.1 July 27, 2011 (HKLM-x32\...\IDrive_is1) (Version: 3.4.1 - ProSoftnet Corp)</p><p>ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)</p><p>Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)</p><p>Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1800 - Broadcom Corporation)</p><p>Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1311 - Lenovo)</p><p>Lenovo LVT Detect Program (HKLM-x32\...\{041B44FA-68E5-4D4B-BC87-F606DFD838C4}) (Version: 1.0.0.0 - Lenovo)</p><p>Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1029 - CyberLink Corp.)</p><p>Lenovo Rescue System (Version: 3.0.1029 - CyberLink Corp.) Hidden</p><p>Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.10.091105 - Lenovo)</p><p>Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)</p><p>LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.1.0930 - Lenovo)</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p><p>MC963M (HKLM\...\{B500AD2D-F88B-4C60-9241-9BB34F6C727C}) (Version: 1.6.8028 - Lenovo)</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft FrontPage 2002 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)</p><p>Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)</p><p>Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)</p><p>Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)</p><p>MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.)</p><p>O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden</p><p>O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{2A318693-44C0-4582-A3B1-371F79591603}) (Version: 2.0.33.D - O2Micro International LTD.)</p><p>O2Micro Flash Memory Card Windows Driver (Version: 2.0.33.D - O2Micro International LTD.) Hidden</p><p>OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)</p><p>Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)</p><p>Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden</p><p>Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)</p><p>Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)</p><p>Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)</p><p>Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)</p><p>Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)</p><p>Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden</p><p>Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)</p><p>TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)</p><p>ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.091030 - Lenovo)</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden</p><p>VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden</p><p>Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)</p><p>Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)</p><p>Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)</p><p>Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)</p><p>Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)</p><p>Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)</p><p>Windows Driver Package - Broadcom Bluetooth (12/01/2009 6.2.0.9411) (HKLM\...\26DF6674D7C1C08AE6A9F0AB0F04558F369FF15F) (Version: 12/01/2009 6.2.0.9411 - Broadcom)</p><p>Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)</p><p>Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA (07/16/2009 6.14.10.373) (HKLM\...\DF9F23E360B18E10871A49C3BC1AEDA269B8E0E2) (Version: 07/16/2009 6.14.10.373 - YUAN High-Tech Development Co., Ltd)</p><p>Windows Driver Package - YUAN High-Tech Development Co., Ltd. (NxpCap64) MEDIA (10/16/2009 1.0.6.8028) (HKLM\...\C64751AB0351661E4D7959673F613DD8DE6A65E3) (Version: 10/16/2009 1.0.6.8028 - YUAN High-Tech Development Co., Ltd.)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)</p><p>Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)</p><p>Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2044468799-2263312576-519008094-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BARBARA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p>02-11-2014 14:54:49 End of disinfection</p><p>07-11-2014 02:21:18 Malwarebytes Anti-Rootkit Restore Point</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 21:34 - 2014-11-02 09:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts</p><p>127.0.0.1 localhost</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {04335846-6843-4C29-8548-10097783E779} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)</p><p>Task: {193FB2C9-80C9-49BD-84CD-0B63A169A881} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)</p><p>Task: {1D7B5D6D-4C2B-4DD4-8524-B6D352E3A961} - \TidyNetwork Update No Task File <==== ATTENTION</p><p>Task: {226F90C2-DD1C-47E8-A21E-75374034DEA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)</p><p>Task: {2B0E4A12-0883-47D7-8898-1E44F34E192B} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()</p><p>Task: {2CC3B3AA-86DE-4949-B457-3D10A7C74FAF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)</p><p>Task: {4C42DA95-A198-44D3-94C9-FBA2DE6B3FCB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)</p><p>Task: {683CB9B3-D40D-4F96-934E-25B6F6B8A8D6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)</p><p>Task: {6981883D-7296-4CAF-AC4A-DD65771CAE09} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe</p><p>Task: {6C6CEFAB-4426-4BA3-BDE1-0715DF5CA218} - System32\Tasks\{6E2343E9-7171-4C2B-A27F-2D6EC646191D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)</p><p>Task: {92289137-4070-45EA-B3AF-38A05058182C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)</p><p>Task: {9870CE82-D928-41AD-83F4-CE40A032C1BA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup</p><p>Task: {99087A90-773A-4672-92B9-B9834009917D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)</p><p>Task: {9ABC845B-045C-4ACC-A529-6E2BBA156EA5} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)</p><p>Task: {BB6F29E3-03F1-48CB-9739-181D03A7A047} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{42FF3006-317D-46DE-960F-622BDD89DA19}.exe [2014-09-07] ()</p><p>Task: {C77E5657-C152-492E-A0CB-C54B9152B924} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)</p><p>Task: {E0AC090F-8ECF-4A46-8FF0-C2FF65D0EE04} - System32\Tasks\AdobeAAMUpdater-1.0-A3DESKTOP-LOUIS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)</p><p>Task: {F43EEFC6-6ABC-41ED-8AD5-BA80DFACF0F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {F8615A71-CFFA-4B65-8E54-CF992654D843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)</p><p>Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{42FF3006-317D-46DE-960F-622BDD89DA19}.exe</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2010-12-19 22:50 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll</p><p>2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe</p><p>2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll</p><p>2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll</p><p>2012-11-13 11:32 - 2012-11-13 11:32 - 04004528 _____ () C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll</p><p>2010-03-04 13:52 - 2009-11-09 16:33 - 03686912 _____ () C:\Program Files\Lenovo\Lenovo LVT Detect Program\ChangeKeyDefine.exe</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll</p><p>2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll</p><p>2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe</p><p>2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll</p><p>2014-10-30 10:51 - 2014-10-30 10:51 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll</p><p>2014-10-22 10:44 - 2014-10-22 10:44 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-2044468799-2263312576-519008094-500 - Administrator - Disabled)</p><p>BARBARA (S-1-5-21-2044468799-2263312576-519008094-1006 - Limited - Enabled) => C:\Users\BARBARA</p><p>Guest (S-1-5-21-2044468799-2263312576-519008094-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-2044468799-2263312576-519008094-1005 - Limited - Enabled)</p><p>LOUIS (S-1-5-21-2044468799-2263312576-519008094-1003 - Limited - Enabled) => C:\Users\LOUIS</p><p>SYS ADMIN (S-1-5-21-2044468799-2263312576-519008094-1007 - Administrator - Enabled) => C:\Users\SYS ADMIN</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Teredo Tunneling Pseudo-Interface</p><p>Description: Microsoft Teredo Tunneling Adapter</p><p>Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}</p><p>Manufacturer: Microsoft</p><p>Service: tunnel</p><p>Problem: : This device cannot start. (Code10)</p><p>Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.</p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (11/06/2014 09:21:19 PM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2044468799-2263312576-519008094-1003.bak). hr = 0x80070539, The security ID structure is invalid.</p><p>.</p><p></p><p></p><p>Operation:</p><p> OnIdentify event</p><p> Gathering Writer Data</p><p></p><p>Context:</p><p> Execution Context: Shadow Copy Optimization Writer</p><p> Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}</p><p> Writer Name: Shadow Copy Optimization Writer</p><p> Writer Instance ID: {813521e1-1d27-4d99-af56-86de1f3f2f08}</p><p></p><p>Error: (11/06/2014 03:57:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 12309</p><p></p><p>Error: (11/06/2014 03:57:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 12309</p><p></p><p>Error: (11/06/2014 03:57:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (11/06/2014 03:57:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 11201</p><p></p><p>Error: (11/06/2014 03:57:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 11201</p><p></p><p>Error: (11/06/2014 03:57:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (11/06/2014 03:57:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 10202</p><p></p><p>Error: (11/06/2014 03:57:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 10202</p><p></p><p>Error: (11/06/2014 03:57:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:</p><p>%%-2140993535</p><p></p><p>Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )</p><p>Description: The Peer Name Resolution Protocol service terminated with the following error:</p><p>%%-2140993535</p><p></p><p>Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:</p><p>%%-2140993535</p><p></p><p>Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )</p><p>Description: The Peer Name Resolution Protocol service terminated with the following error:</p><p>%%-2140993535</p><p></p><p>Error: (11/06/2014 09:26:05 PM) (Source: PNRPSvc) (EventID: 102) (User: )</p><p>Description: 0x80630801</p><p></p><p>Error: (11/06/2014 09:26:05 PM) (Source: PNRPSvc) (EventID: 102) (User: )</p><p>Description: 0x80630801</p><p></p><p>Error: (11/06/2014 09:25:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:</p><p>%%-2140993535</p><p></p><p>Error: (11/06/2014 09:25:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )</p><p>Description: The Peer Name Resolution Protocol service terminated with the following error:</p><p>%%-2140993535</p><p></p><p>Error: (11/06/2014 09:25:55 PM) (Source: PNRPSvc) (EventID: 102) (User: )</p><p>Description: 0x80630801</p><p></p><p>Error: (11/06/2014 09:25:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )</p><p>Description: The following boot-start or system-start driver(s) failed to load:</p><p>cdrom</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (07/28/2014 00:57:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3493 seconds with 480 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (04/21/2014 04:12:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12166 seconds with 3180 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (04/21/2014 00:21:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1874 seconds with 1380 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (04/18/2014 11:08:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 73 seconds with 60 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (04/18/2014 10:59:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (03/29/2014 02:04:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13503 seconds with 0 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (10/15/2013 03:12:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (01/16/2013 02:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 540 seconds with 60 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (01/30/2012 07:58:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7354 seconds with 360 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (12/11/2011 08:30:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 371 seconds with 0 seconds of active time. This session ended with a crash.</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-11-02 09:30:40.384</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-11-02 09:30:39.557</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2012-03-31 09:21:09.435</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 22:07:45.204</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 22:01:15.431</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 21:40:10.533</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 21:14:34.814</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 20:59:26.709</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 20:41:11.041</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2012-03-30 16:31:23.719</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz</p><p>Percentage of memory in use: 42%</p><p>Total physical RAM: 4058.1 MB</p><p>Available physical RAM: 2322.67 MB</p><p>Total Pagefile: 8114.38 MB</p><p>Available Pagefile: 6251.25 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.85 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:272.92 GB) (Free:61.96 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6242881B)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=272.9 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Let me know what you think!</p></blockquote><p></p>
[QUOTE="Loudanew, post: 293824, member: 30106"] OK, round 2! mbar log: Malwarebytes Anti-Rootkit BETA 1.08.0.1001 [url="http://www.malwarebytes.org"]www.malwarebytes.org[/url] Database version: v2014.11.06.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17358 SYS ADMIN :: A3DESKTOP [administrator] 11/6/2014 4:49:51 PM mbar-log-2014-11-06 (16-49-51).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 704569 Time elapsed: 45 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKU\S-1-5-21-2044468799-2263312576-519008094-1003_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [b1e0db5d8cf094a2b3af23df5aa63cc4] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) mbar system log --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.194000 GHz Memory total: 4255223808, free: 2836979712 Downloaded database version: v2014.11.06.09 Downloaded database version: v2014.11.01.02 ======================================= Initializing... ------------ Kernel report ------------ 11/06/2014 16:49:30 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\gfibto.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\ohci1394.sys \SystemRoot\system32\drivers\1394BUS.SYS \SystemRoot\system32\DRIVERS\o2sdgx64.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\o2mdgx64.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\circlass.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\IntcHdmi.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\VMC412.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\point64.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\btusbflt.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\hidbth.sys \SystemRoot\system32\DRIVERS\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\system32\DRIVERS\btwrchid.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\usp10.dll \Windows\System32\sechost.dll \Windows\System32\Wldap32.dll \Windows\System32\imagehlp.dll \Windows\System32\nsi.dll \Windows\System32\imm32.dll \Windows\System32\setupapi.dll \Windows\System32\shlwapi.dll \Windows\System32\comdlg32.dll \Windows\System32\rpcrt4.dll \Windows\System32\user32.dll \Windows\System32\psapi.dll \Windows\System32\clbcatq.dll \Windows\System32\msctf.dll \Windows\System32\msvcrt.dll \Windows\System32\ws2_32.dll \Windows\System32\ole32.dll \Windows\System32\iertutil.dll \Windows\System32\gdi32.dll \Windows\System32\lpk.dll \Windows\System32\kernel32.dll \Windows\System32\advapi32.dll \Windows\System32\shell32.dll \Windows\System32\urlmon.dll \Windows\System32\oleaut32.dll \Windows\System32\difxapi.dll \Windows\System32\wininet.dll \Windows\System32\normaliz.dll \Windows\System32\userenv.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\profapi.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c06170 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80046c6680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c06170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c07b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c06170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80046ca520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80046c6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6242881B Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 572352512 Partition 2 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 572559360 Numsec = 52583088 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Done! Infected: HKU\S-1-5-21-2044468799-2263312576-519008094-1003_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks] Scan finished Creating System Restore point... Cleaning up... Removal successful. No system shutdown is required. ======================================= FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by SYS ADMIN (administrator) on A3DESKTOP on 06-11-2014 21:32:02 Running from C:\Users\SYS ADMIN\Downloads Loaded Profile: SYS ADMIN (Available profiles: LOUIS & BARBARA & SYS ADMIN) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Pro Softnet Corporation) C:\IDrive\IDriveE Service.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\Lenovo\Lenovo LVT Detect Program\ChangeKeyDefine.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe ( ) C:\IDrive\IDrivePlugin.exe (SanDisk Corporation) C:\Users\SYS ADMIN\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor) HKLM\...\Run: [ChangeKeyDefine] => C:\Program Files\Lenovo\Lenovo LVT Detect Program\ChangeKeyDefine.exe [3686912 2009-11-09] () HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated) HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] () HKLM-x32\...\Run: [SetDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-07-25] (Lenovo) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.) HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.) HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.) HKU\S-1-5-21-2044468799-2263312576-519008094-1007\...\Run: [SansaDispatch] => C:\Users\SYS ADMIN\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-04-18] (SanDisk Corporation) HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\BARBARA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\SYS ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\SYS ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ShellIconOverlayIdentifiers: [AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll () ShellIconOverlayIdentifiers: [AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll () ShellIconOverlayIdentifiers: [AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BARBARA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - FindWide Toolbar - {7F613374-CE10-4C6D-8C29-B21E167E67B5} - C:\Program Files (x86)\TNT2\Profiles\10885\passport.dll No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [url]http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab[/url] Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\SYS ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\8zptc1uh.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-10-30] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems) [File not signed] R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed] R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [899360 2010-04-14] (Broadcom Corporation.) R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-07] (Macrovision Europe Ltd.) [File not signed] R2 IDriveE Service; C:\IDrive\IDriveE Service.exe [157128 2011-06-24] (Pro Softnet Corporation) R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation) S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [19496 2008-01-18] (MCCI Corporation) S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [146472 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [125480 2008-01-18] (MCCI Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1383680 2009-07-15] (ATI Technologies Inc.) S3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1504256 2009-11-27] (AVerMedia TECHNOLOGIES, Inc.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-09] (GFI Software) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [131800 2014-11-06] (Malwarebytes Corporation) S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1648256 2009-10-16] (NXP Semiconductors Germany GmbH) R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro ) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.) R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [251648 2011-09-02] (Vimicro Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-06 16:49 - 2014-11-06 21:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-06 16:47 - 2014-11-06 21:21 - 00000000 ____D () C:\Users\SYS ADMIN\Desktop\mbar 2014-11-06 16:47 - 2014-11-06 16:47 - 14439144 _____ (Malwarebytes Corp.) C:\Users\SYS ADMIN\Downloads\mbar-1.08.0.1001.exe 2014-11-06 11:25 - 2014-11-06 11:25 - 06808360 _____ (ParetoLogic, Inc.) C:\Users\LOUIS\Downloads\RegCureProSetup_e459c33_.exe 2014-11-05 16:08 - 2014-11-05 16:08 - 00001068 _____ () C:\Users\SYS ADMIN\Downloads\Malwarebytes.txt 2014-11-03 12:49 - 2014-11-03 12:49 - 00025354 _____ () C:\ComboFix.txt 2014-11-03 12:12 - 2014-11-03 12:12 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\SYS ADMIN\Downloads\tdsskiller.exe 2014-11-03 10:59 - 2014-11-05 15:03 - 00000000 ____D () C:\AdwCleaner 2014-11-03 10:48 - 2014-11-03 16:49 - 00039480 _____ () C:\Users\SYS ADMIN\Downloads\Addition.txt 2014-11-03 10:47 - 2014-11-06 21:32 - 00018157 _____ () C:\Users\SYS ADMIN\Downloads\FRST.txt 2014-11-03 10:46 - 2014-11-06 21:32 - 00000000 ____D () C:\FRST 2014-11-03 10:45 - 2014-11-03 10:45 - 01375089 _____ () C:\Users\SYS ADMIN\Downloads\AdwCleaner.exe 2014-11-03 10:44 - 2014-11-03 10:44 - 02114560 _____ (Farbar) C:\Users\SYS ADMIN\Downloads\FRST64.exe 2014-11-02 15:22 - 2014-11-03 12:49 - 00000000 ____D () C:\Qoobox 2014-11-02 15:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-02 15:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-02 15:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-02 15:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-02 15:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-02 15:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-02 15:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-02 15:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-02 15:21 - 2014-11-02 15:21 - 05591672 ____R (Swearware) C:\Users\SYS ADMIN\Downloads\ComboFix.exe 2014-11-02 09:54 - 2014-11-02 09:55 - 00001130 _____ () C:\DelFix.txt 2014-11-02 09:06 - 2014-11-02 09:41 - 00000000 ____D () C:\Windows\erdnt 2014-10-30 10:51 - 2014-10-30 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-30 09:30 - 2014-10-30 09:30 - 01055936 _____ (Adobe) C:\Users\LOUIS\Downloads\install_flashplayer15x32axau_mssd_aaa_aih.exe 2014-10-29 14:18 - 2014-10-30 16:21 - 00000000 ____D () C:\ProgramData\WatseLzayd 2014-10-28 14:25 - 2014-10-28 14:25 - 00000000 ____D () C:\Users\LOUIS\Documents\Updater5 2014-10-28 14:24 - 2014-10-28 14:24 - 01710787 _____ () C:\Users\LOUIS\Downloads\readpdfmessage 2014-10-16 07:34 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 07:34 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 07:34 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 07:34 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 07:34 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 07:34 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 07:34 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 07:34 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 07:33 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 07:33 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 07:33 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 07:33 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 07:33 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 07:33 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 07:33 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 07:33 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 07:33 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 07:33 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 07:33 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 07:33 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 07:33 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 07:33 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 07:33 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 07:33 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 07:33 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 07:33 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 07:33 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 07:33 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 07:33 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 07:33 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 07:33 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 07:33 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 07:33 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 07:33 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 07:33 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 07:33 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 07:33 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 07:33 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 07:33 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 07:33 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 07:33 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 07:33 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 07:33 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 07:33 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 07:33 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 07:33 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 07:33 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 07:33 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 07:33 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 07:33 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 07:33 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 07:33 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 07:33 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 07:33 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 07:33 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 07:33 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 07:33 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 07:33 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 07:33 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 07:33 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 07:33 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 07:33 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 07:33 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 07:33 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 07:33 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 07:33 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 07:33 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 07:33 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 07:33 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 07:33 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 07:33 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-16 07:33 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-16 07:33 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-16 07:33 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-16 07:33 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-16 07:33 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-16 07:33 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-16 07:33 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-16 07:33 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-16 07:33 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-16 07:32 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 07:32 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 07:32 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 07:32 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 07:32 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 07:32 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 07:32 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 07:32 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 07:32 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 07:32 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 07:32 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 07:32 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 07:32 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 07:31 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 07:31 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 07:18 - 2014-10-16 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-10-16 07:17 - 2014-10-16 07:17 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-10-16 07:15 - 2014-10-16 07:16 - 01753736 _____ () C:\Users\LOUIS\Downloads\Adaware_Installer.exe 2014-10-13 10:14 - 2014-10-13 10:14 - 00001566 _____ () C:\Users\LOUIS\Desktop\Harding Membership List-2013-11-23 - Shortcut.lnk 2014-10-10 09:33 - 2014-10-10 09:33 - 00013824 _____ () C:\Users\LOUIS\Downloads\Romeos10Oct2014.xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-06 21:28 - 2010-03-04 13:44 - 01482657 _____ () C:\Windows\WindowsUpdate.log 2014-11-06 21:28 - 2009-07-14 00:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-06 21:27 - 2010-11-30 21:53 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D702A1D-61BF-46CE-80CF-3B7028E8D165} 2014-11-06 21:24 - 2013-03-09 15:13 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-11-06 21:24 - 2010-12-24 23:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-06 21:23 - 2013-04-25 21:15 - 00045872 _____ () C:\Windows\setupact.log 2014-11-06 21:23 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-06 21:20 - 2014-06-20 13:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-06 21:20 - 2010-12-24 23:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-06 16:49 - 2014-10-02 16:37 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 16:48 - 2014-10-02 16:37 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-06 10:50 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-06 10:50 - 2009-07-13 23:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-06 10:49 - 2010-12-12 21:14 - 00000000 ____D () C:\Users\LOUIS\AppData\Local\Adobe 2014-11-06 10:45 - 2010-12-04 17:45 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5D2A1F0-EF22-4EC1-A707-7908A3811D72} 2014-11-05 16:37 - 2012-11-05 12:57 - 00000000 ___RD () C:\Users\BARBARA\Dropbox 2014-11-05 16:15 - 2012-11-05 12:51 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Dropbox 2014-11-05 14:59 - 2013-09-18 17:12 - 00384268 _____ () C:\Windows\PFRO.log 2014-11-03 19:40 - 2010-03-04 14:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-03 19:17 - 2014-04-19 18:45 - 00044651 _____ () C:\Users\LOUIS\Documents\Walkway Vol Hub hours.xlsx 2014-11-03 13:30 - 2010-03-04 14:14 - 00799604 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-03 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-02 09:43 - 2014-07-15 07:32 - 00000000 ____D () C:\Users\TEMP.A3DESKTOP.007 2014-11-02 09:43 - 2012-09-27 08:23 - 00000000 ____D () C:\Users\TEMP.A3DESKTOP.003 2014-10-31 15:56 - 2010-12-23 22:01 - 00000000 ____D () C:\Users\LOUIS\AppData\Local\CutePDF Writer 2014-10-30 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization 2014-10-30 14:33 - 2014-10-02 16:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-30 14:33 - 2014-10-02 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-30 14:33 - 2014-10-02 16:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-30 14:02 - 2012-06-25 14:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-25 11:01 - 2011-07-30 15:00 - 00000000 ____D () C:\IDrive 2014-10-24 10:02 - 2010-12-24 23:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-24 10:02 - 2010-12-24 23:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-22 11:33 - 2014-09-11 10:33 - 00000000 ____D () C:\Users\SYS ADMIN\AppData\Local\Adobe 2014-10-22 10:44 - 2014-06-20 13:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-22 10:44 - 2014-05-08 13:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-22 10:44 - 2014-05-08 13:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-21 13:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-10-21 11:16 - 2009-07-13 23:45 - 00418312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-21 11:12 - 2014-05-06 19:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 16:06 - 2013-09-01 19:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 16:00 - 2010-12-16 19:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-16 14:50 - 2014-05-06 14:38 - 00000000 ____D () C:\Program Files\Used to be RrFilter 2014-10-16 14:50 - 2010-03-04 13:44 - 00000000 ____D () C:\temp 2014-10-13 10:11 - 2011-02-26 16:01 - 00000000 ____D () C:\Users\BARBARA\Documents\Miles of Hope 2014-10-10 09:35 - 2010-12-06 13:45 - 00000000 ____D () C:\My Work Files Some content of TEMP: ==================== C:\Users\BARBARA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxscssx.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 10:42 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014 Ran by SYS ADMIN at 2014-11-06 21:32:37 Running from C:\Users\SYS ADMIN\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Sansa Media Converter (HKLM-x32\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - ) Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft) AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe Creative Cloud Connection (HKLM-x32\...\{893B3B44-0A1E-404B-8FE8-0A74509102A9}) (Version: 1.0.223.0 - Adobe Systems Incorporated) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.) Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies) AVerMedia A328 Mini-Card Hybrid TV Tuner 2.2.64.33 (HKLM-x32\...\AVerMedia A328 Mini-Card Hybrid TV Tuner) (Version: 2.2.64.33 - AVerMedia TECHNOLOGIES, Inc.) AVerMedia MiniCard Hybrid TV 1.3.64.80 (HKLM-x32\...\AVerMedia MiniCard Hybrid TV) (Version: 1.3.64.80 - AVerMedia TECHNOLOGIES, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Box Edit (HKLM-x32\...\{D741BBF7-6A40-41D5-8F18-FCC2A3BBBDD3}) (Version: 2.0.15.240 - Box) Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - ) CamSuite (HKLM-x32\...\{D1504C77-1B19-4AF0-8DEC-946666123B55}) (Version: 3.0.3604.1 - Lenovo) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - ) Canon MP490 series User Registration (HKLM-x32\...\Canon MP490 series User Registration) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC) FLV Player (HKLM-x32\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software) Freecorder (HKLM-x32\...\Freecorder4.1) (Version: 4.1 - Applian Technologies Inc.) Freecorder 7 Applications (7.0.0.48) (HKLM-x32\...\Freecorder 7 Applications) (Version: 7.0.0.48 - Applian Technologies) Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - ) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hybrid TV (HKLM\...\{CF29845C-705E-4450-A3FF-1D4754455AB9}) (Version: 6.14.10373 - Lenovo) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) IDrive version 3.4.1 July 27, 2011 (HKLM-x32\...\IDrive_is1) (Version: 3.4.1 - ProSoftnet Corp) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1800 - Broadcom Corporation) Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1311 - Lenovo) Lenovo LVT Detect Program (HKLM-x32\...\{041B44FA-68E5-4D4B-BC87-F606DFD838C4}) (Version: 1.0.0.0 - Lenovo) Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1029 - CyberLink Corp.) Lenovo Rescue System (Version: 3.0.1029 - CyberLink Corp.) Hidden Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.10.091105 - Lenovo) Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.1.0930 - Lenovo) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) MC963M (HKLM\...\{B500AD2D-F88B-4C60-9241-9BB34F6C727C}) (Version: 1.6.8028 - Lenovo) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft FrontPage 2002 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.) O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{2A318693-44C0-4582-A3B1-371F79591603}) (Version: 2.0.33.D - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 2.0.33.D - O2Micro International LTD.) Hidden OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.) Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc) Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.) Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation) Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.) Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer) ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.091030 - Lenovo) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (12/01/2009 6.2.0.9411) (HKLM\...\26DF6674D7C1C08AE6A9F0AB0F04558F369FF15F) (Version: 12/01/2009 6.2.0.9411 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA (07/16/2009 6.14.10.373) (HKLM\...\DF9F23E360B18E10871A49C3BC1AEDA269B8E0E2) (Version: 07/16/2009 6.14.10.373 - YUAN High-Tech Development Co., Ltd) Windows Driver Package - YUAN High-Tech Development Co., Ltd. (NxpCap64) MEDIA (10/16/2009 1.0.6.8028) (HKLM\...\C64751AB0351661E4D7959673F613DD8DE6A65E3) (Version: 10/16/2009 1.0.6.8028 - YUAN High-Tech Development Co., Ltd.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2044468799-2263312576-519008094-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BARBARA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ==================== Restore Points ========================= 02-11-2014 14:54:49 End of disinfection 07-11-2014 02:21:18 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-11-02 09:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04335846-6843-4C29-8548-10097783E779} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {193FB2C9-80C9-49BD-84CD-0B63A169A881} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {1D7B5D6D-4C2B-4DD4-8524-B6D352E3A961} - \TidyNetwork Update No Task File <==== ATTENTION Task: {226F90C2-DD1C-47E8-A21E-75374034DEA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated) Task: {2B0E4A12-0883-47D7-8898-1E44F34E192B} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10] () Task: {2CC3B3AA-86DE-4949-B457-3D10A7C74FAF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {4C42DA95-A198-44D3-94C9-FBA2DE6B3FCB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {683CB9B3-D40D-4F96-934E-25B6F6B8A8D6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.) Task: {6981883D-7296-4CAF-AC4A-DD65771CAE09} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {6C6CEFAB-4426-4BA3-BDE1-0715DF5CA218} - System32\Tasks\{6E2343E9-7171-4C2B-A27F-2D6EC646191D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) Task: {92289137-4070-45EA-B3AF-38A05058182C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {9870CE82-D928-41AD-83F4-CE40A032C1BA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {99087A90-773A-4672-92B9-B9834009917D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {9ABC845B-045C-4ACC-A529-6E2BBA156EA5} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {BB6F29E3-03F1-48CB-9739-181D03A7A047} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{42FF3006-317D-46DE-960F-622BDD89DA19}.exe [2014-09-07] () Task: {C77E5657-C152-492E-A0CB-C54B9152B924} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {E0AC090F-8ECF-4A46-8FF0-C2FF65D0EE04} - System32\Tasks\AdobeAAMUpdater-1.0-A3DESKTOP-LOUIS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated) Task: {F43EEFC6-6ABC-41ED-8AD5-BA80DFACF0F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F8615A71-CFFA-4B65-8E54-CF992654D843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{42FF3006-317D-46DE-960F-622BDD89DA19}.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-12-19 22:50 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe 2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll 2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll 2012-11-13 11:32 - 2012-11-13 11:32 - 04004528 _____ () C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll 2010-03-04 13:52 - 2009-11-09 16:33 - 03686912 _____ () C:\Program Files\Lenovo\Lenovo LVT Detect Program\ChangeKeyDefine.exe 2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe 2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll 2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll 2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-10-30 10:51 - 2014-10-30 10:51 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-10-22 10:44 - 2014-10-22 10:44 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2044468799-2263312576-519008094-500 - Administrator - Disabled) BARBARA (S-1-5-21-2044468799-2263312576-519008094-1006 - Limited - Enabled) => C:\Users\BARBARA Guest (S-1-5-21-2044468799-2263312576-519008094-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2044468799-2263312576-519008094-1005 - Limited - Enabled) LOUIS (S-1-5-21-2044468799-2263312576-519008094-1003 - Limited - Enabled) => C:\Users\LOUIS SYS ADMIN (S-1-5-21-2044468799-2263312576-519008094-1007 - Administrator - Enabled) => C:\Users\SYS ADMIN ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/06/2014 09:21:19 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2044468799-2263312576-519008094-1003.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {813521e1-1d27-4d99-af56-86de1f3f2f08} Error: (11/06/2014 03:57:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12309 Error: (11/06/2014 03:57:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12309 Error: (11/06/2014 03:57:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/06/2014 03:57:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11201 Error: (11/06/2014 03:57:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11201 Error: (11/06/2014 03:57:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/06/2014 03:57:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10202 Error: (11/06/2014 03:57:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10202 Error: (11/06/2014 03:57:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error: (11/06/2014 09:26:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error: (11/06/2014 09:26:05 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (11/06/2014 09:26:05 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (11/06/2014 09:25:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error: (11/06/2014 09:25:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error: (11/06/2014 09:25:55 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (11/06/2014 09:25:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Microsoft Office Sessions: ========================= Error: (07/28/2014 00:57:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3493 seconds with 480 seconds of active time. This session ended with a crash. Error: (04/21/2014 04:12:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12166 seconds with 3180 seconds of active time. This session ended with a crash. Error: (04/21/2014 00:21:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1874 seconds with 1380 seconds of active time. This session ended with a crash. Error: (04/18/2014 11:08:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 73 seconds with 60 seconds of active time. This session ended with a crash. Error: (04/18/2014 10:59:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/29/2014 02:04:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13503 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/15/2013 03:12:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/16/2013 02:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 540 seconds with 60 seconds of active time. This session ended with a crash. Error: (01/30/2012 07:58:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7354 seconds with 360 seconds of active time. This session ended with a crash. Error: (12/11/2011 08:30:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 371 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-11-02 09:30:40.384 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-02 09:30:39.557 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-03-31 09:21:09.435 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 22:07:45.204 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 22:01:15.431 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 21:40:10.533 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 21:14:34.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 20:59:26.709 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 20:41:11.041 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2012-03-30 16:31:23.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 42% Total physical RAM: 4058.1 MB Available physical RAM: 2322.67 MB Total Pagefile: 8114.38 MB Available Pagefile: 6251.25 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:272.92 GB) (Free:61.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6242881B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=272.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12) ==================== End Of Log ============================ Let me know what you think! [/QUOTE]
Insert quotes…
Verification
Post reply
Top