View Full Version : Comp freezes regularly, Chrome doesn't refresh, FireFox opens strange tabs
My computer has been freezing about once every day or two. Chrome has gotten where the refresh and back buttons only produce a blank page. I installed Firefox today, which twice has opened new tabs, one of which was blocked by Firefox as a dangerous site while the other offered information about Russian women. o.O
Thanks in advance for your help!
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by Thaedon at 18:23:54 on 2014-02-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5824 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Thaedon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\MIF5BA~1\Office12\WINWORD.EXE
C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://idp.mls.ntreis.net/idp/Authn/UserPassword
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] C:\Users\Thaedon\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 49901070658447d187b4f1867614c634-d78fccd3f18c46d5521984890289a55d5f8f2a87 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Thaedon\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 49901070658447d187b4f1867614c634-d78fccd3f18c46d5521984890289a55d5f8f2a87 --CMPID 0913a
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
StartupFolder: C:\Users\Thaedon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Thaedon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Thaedon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6D81366A-A141-4141-AB5D-BDAB37CCB179} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{86755BB6-C96E-4C8C-8007-A551DB3CD2A8} : DHCPNameServer = 192.168.1.254
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thaedon\AppData\Roaming\Mozilla\Firefox\Profiles\5fgiqjc6.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Thaedon\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Thaedon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Thaedon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Thaedon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Thaedon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Thaedon\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827560]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-1-14 73384]
R3 ews88mt;EWS88 WDM Audio;C:\Windows\System32\drivers\ews88wdm.sys [2007-3-14 126944]
R3 QuickBooksDB23;QuickBooksDB23;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB23 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB23 [?]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-7-23 52736]
R3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2012-1-5 30352]
R3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2012-12-28 25600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-28 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-16 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S4 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-12-13 151648]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S4 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-12-13 135824]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-30 8704]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-8-18 1248256]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
.
=============== Created Last 30 ================
.
2014-02-08 18:13:01 -------- d-----w- C:\Users\Thaedon\AppData\Local\Macromedia
2014-01-30 18:07:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 15:16:16 -------- d-----w- C:\Users\Thaedon\.freemind
2014-01-29 15:15:31 -------- d-----w- C:\Program Files (x86)\FreeMind
2014-01-27 15:30:50 -------- d-----w- C:\Users\Thaedon\AppData\Local\eLicenser
2014-01-27 15:06:52 -------- d-----w- C:\Windows\pss
2014-01-25 03:00:33 -------- d-----w- C:\Users\Thaedon\AppData\Roaming\Samsung
2014-01-25 02:53:55 -------- d-----w- C:\Program Files (x86)\Samsung
2014-01-25 02:21:37 -------- d-----w- C:\Users\Thaedon\AppData\Local\Downloaded Installations
2014-01-22 14:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 14:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-01-21 19:14:32 -------- d-----r- C:\Program Files (x86)\Skype
2014-01-17 14:01:35 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-17 14:01:35 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-17 14:01:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-17 14:01:35 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-17 14:01:34 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-17 14:01:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-17 14:01:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-17 14:01:32 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-17 14:01:16 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M ====================
.
2014-02-09 00:11:47 59 ----a-w- C:\Windows\wpd99.drv
2014-02-05 22:30:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 22:30:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-13 22:49:08 40448 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 18:25:01.87 ===============
aswMBR:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-08 18:34:06
-----------------------------
18:34:06.702 OS Version: Windows x64 6.1.7601 Service Pack 1
18:34:06.702 Number of processors: 4 586 0x402
18:34:06.703 ComputerName: THAEDON-PC UserName: Thaedon
18:34:10.845 Initialize success
18:36:01.253 AVAST engine defs: 14020800
18:36:18.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
18:36:18.028 Disk 0 Vendor: NVIDIA__ Size: 953869MB BusType: 8
18:36:18.204 Disk 0 MBR read successfully
18:36:18.210 Disk 0 MBR scan
18:36:18.221 Disk 0 Windows 7 default MBR code
18:36:18.232 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:36:18.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
18:36:18.311 Disk 0 scanning C:\Windows\system32\drivers
18:36:34.708 Service scanning
18:37:03.521 Modules scanning
18:37:03.538 Disk 0 trace - called modules:
18:37:03.559 ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd64.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:37:03.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ac7060]
18:37:03.896 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80077bb790]
18:37:03.907 5 nvrd64.sys[fffff88001080402] -> nt!IofCallDriver -> [0xfffffa8006b10e40]
18:37:03.918 7 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8006b3d720]
18:37:09.701 AVAST engine scan C:\Windows
18:37:16.204 AVAST engine scan C:\Windows\system32
18:44:06.401 AVAST engine scan C:\Windows\system32\drivers
18:44:49.221 AVAST engine scan C:\Users\Thaedon
19:44:46.365 AVAST engine scan C:\ProgramData
19:48:39.109 Scan finished successfully
22:32:45.262 Disk 0 MBR has been saved successfully to "C:\Users\Thaedon\Desktop\MBR.dat"
22:32:45.267 The log file has been saved successfully to "C:\Users\Thaedon\Desktop\aswMBR.txt"
Hi and welcome
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
Due to the lack of feedback this Topic is closed.
Accidently did these out of order because I forgot to click "Clean" on the first run through. Hope that didn't foul anything up.
AdwCleaner
# AdwCleaner v3.018 - Report created 16/02/2014 at 17:22:38
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Thaedon - THAEDON-PC
# Running from : C:\Users\Thaedon\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Thaedon\AppData\Local\Temp\pccustubinstaller
Folder Deleted : C:\Users\Thaedon\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\Users\Thaedon\AppData\Local\Temp\Uninstall.exe
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0 (en-US)
[ File : C:\Users\Thaedon\AppData\Roaming\Mozilla\Firefox\Profiles\5fgiqjc6.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2717 octets] - [16/02/2014 16:45:08]
AdwCleaner[R1].txt - [2061 octets] - [16/02/2014 17:21:18]
AdwCleaner[S0].txt - [1996 octets] - [16/02/2014 17:22:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2056 octets] ##########
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Thaedon on Sun 02/16/2014 at 17:04:45.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Thaedon\appdata\local\apn"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/16/2014 at 17:11:45.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tell me how is the computer at the moment?
http://www.malwarebytes.org/forums/style_images/1/bf_new.gif Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
please post:
MBAM log
FRST.txt
The problems with Chrome seem to be gone. It also seems the computer is booting much faster. Earlier, dropbox would take several minutes to sync. Now it is almost instant.
MBAM Log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.17.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Thaedon :: THAEDON-PC [administrator]
2/16/2014 11:09:27 PM
mbam-log-2014-02-16 (23-09-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304081
Time elapsed: 23 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-1026113764-1157268055-2123133849-1000\$R3GUV6U.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Thaedon\AppData\Local\Temp\wh_cc.exe (PUP.WebHancer) -> Quarantined and deleted successfully.
C:\Users\Thaedon\Downloads\Diablo_3_installer.exe (Trojan.Hoaxsms) -> Quarantined and deleted successfully.
(end)
FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Thaedon (administrator) on THAEDON-PC on 16-02-2014 23:53:37
Running from C:\Users\Thaedon\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Dropbox, Inc.) C:\Users\Thaedon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
(Google Inc.) C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-07-14] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-08-03] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKU\S-1-5-21-1026113764-1157268055-2123133849-1000\...\Run: [Google Update] - C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.)
HKU\S-1-5-21-1026113764-1157268055-2123133849-1000\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Thaedon\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 49901070658447d187b4f1867614c634-d78fccd3f18c46d5521984890289a55d5f8f2a87 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
HKU\S-1-5-21-1026113764-1157268055-2123133849-1000\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Thaedon\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 49901070658447d187b4f1867614c634-d78fccd3f18c46d5521984890289a55d5f8f2a87 --CMPID 0913a
HKU\S-1-5-21-1026113764-1157268055-2123133849-1000\...\MountPoints2: {0835c72d-3383-11e1-8490-806e6f6e6963} - E:\SETUP.exe
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\...\Run: [Google Update] - C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.)
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\...\RunOnce: [CTPostBootSequencer] - "C:\Users\Thaedon\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\...\MountPoints2: {0835c72d-3383-11e1-8490-806e6f6e6963} - D:\Setup\rsrc\Autorun.exe
Startup: C:\Users\Thaedon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Thaedon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Thaedon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://idp.mls.ntreis.net/idp/Authn/UserPassword
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C307ECD6D2ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Thaedon\AppData\Roaming\Mozilla\Firefox\Profiles\5fgiqjc6.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Thaedon\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Thaedon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Thaedon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Thaedon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thaedon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thaedon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Thaedon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Thaedon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Thaedon\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Thaedon\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Thaedon\AppData\Roaming\Mozilla\Firefox\Profiles\5fgiqjc6.default\searchplugins\duckduckgo.xml
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-08-12]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
CHR Plugin: (Unity Player) - C:\Users\Thaedon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Thaedon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (YouTube) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-31]
CHR Extension: (Google Search) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-31]
CHR Extension: (Google Voice (by Google)) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2012-11-11]
CHR Extension: (Google Wallet) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Buffer) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2012-01-07]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-11]
CHR Extension: (LogMeIn) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-11-17]
CHR Extension: (Gmail) - C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-31]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Thaedon\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-24]
CHR StartMenuInternet: Google Chrome - C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-07-14] (Check Point Software Technologies)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2012-01-08] ()
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2012-08-18] (Intuit, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-08-03] (Check Point Software Technologies LTD)
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 ews88mt; C:\Windows\System32\drivers\ews88wdm.sys [126944 2007-03-14] (Terratec Electronic GmbH)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-07-14] (Check Point Software Technologies)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-23] (Realtek Semiconductor Corporation )
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
R3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-16 23:53 - 2014-02-16 23:54 - 00019155 _____ () C:\Users\Thaedon\Downloads\FRST.txt
2014-02-16 23:53 - 2014-02-16 23:53 - 00000000 ____D () C:\FRST
2014-02-16 23:52 - 2014-02-16 23:52 - 02152448 _____ (Farbar) C:\Users\Thaedon\Downloads\FRST64.exe
2014-02-16 23:07 - 2014-02-16 23:07 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 23:07 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-16 23:04 - 2014-02-16 23:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thaedon\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-16 17:04 - 2014-02-16 17:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 17:03 - 2014-02-16 17:03 - 01037530 _____ (Thisisu) C:\Users\Thaedon\Downloads\JRT.exe
2014-02-16 16:45 - 2014-02-16 17:23 - 00000000 ____D () C:\AdwCleaner
2014-02-16 16:43 - 2014-02-16 16:43 - 01166132 _____ () C:\Users\Thaedon\Downloads\AdwCleaner.exe
2014-02-16 15:49 - 2014-02-16 15:49 - 00050758 _____ () C:\Users\Thaedon\Desktop\VN-2014-02-16-08-33-44.AMR
2014-02-14 16:01 - 2014-02-14 16:01 - 00009114 _____ () C:\Users\Thaedon\Desktop\James Jones Terms.xlsx
2014-02-14 10:07 - 2014-02-14 10:07 - 00262144 ____N () C:\Windows\Minidump\021414-45645-01.dmp
2014-02-11 15:31 - 2014-02-11 15:31 - 00930440 _____ (CNET Download.com) C:\Users\Thaedon\Downloads\cbsidlm-cbsi176-VSDC_Free_Video_Editor-ORG-75764187.exe
2014-02-11 13:33 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 13:33 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 13:32 - 2014-02-11 13:32 - 00007545 _____ () C:\Users\Thaedon\Desktop\Blind Offer Mind Map.mm
2014-02-11 13:31 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 13:31 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 13:31 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 13:31 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 13:31 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 13:31 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 13:31 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 13:31 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 13:31 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 13:31 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 13:31 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 13:31 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 13:31 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 13:31 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 13:31 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 13:31 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 13:31 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 13:31 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 13:31 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-11 13:31 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 13:31 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 13:31 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 13:31 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 13:31 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 13:31 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-11 13:31 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 13:31 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-11 13:31 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 13:31 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 13:31 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 13:31 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 13:31 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 13:31 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 13:31 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 13:31 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 13:31 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 13:31 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-11 13:31 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 13:31 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 13:30 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 13:30 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 13:30 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 13:30 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 13:30 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 13:30 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 13:30 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 13:30 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 13:30 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 13:30 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 13:30 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 13:30 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 13:30 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 13:30 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 13:30 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 13:30 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 13:30 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 13:30 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 13:29 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 13:29 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 13:29 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 13:29 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 13:29 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 13:29 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 13:29 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 13:29 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 13:29 - 2013-11-26 17:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-11 13:29 - 2013-11-26 16:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-11 13:29 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 13:29 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 12:46 - 2014-02-11 12:46 - 00401496 _____ (NCH Software) C:\Users\Thaedon\Downloads\clickchartsetup.exe
2014-02-11 12:46 - 2014-02-11 12:46 - 00001202 _____ () C:\Users\Public\Desktop\ClickCharts Diagram Flowchart Software.lnk
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\Users\Thaedon\Documents\ClickCharts
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\ProgramData\NCH Software
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-02-11 12:43 - 2014-02-11 13:33 - 00000000 ____D () C:\Program Files (x86)\MeeSoft
2014-02-11 12:43 - 2014-02-11 12:43 - 01393105 _____ () C:\Users\Thaedon\Downloads\DiagramDesignerSetup.exe
2014-02-09 19:44 - 2014-02-09 19:44 - 00262144 ____N () C:\Windows\Minidump\020914-44319-01.dmp
2014-02-09 19:36 - 2014-02-09 19:36 - 00262144 ____N () C:\Windows\Minidump\020914-45630-01.dmp
2014-02-08 22:32 - 2014-02-08 22:32 - 00002016 _____ () C:\Users\Thaedon\Desktop\aswMBR.txt
2014-02-08 22:32 - 2014-02-08 22:32 - 00000512 _____ () C:\Users\Thaedon\Desktop\MBR.dat
2014-02-08 18:34 - 2014-02-08 18:34 - 04745728 _____ (AVAST Software) C:\Users\Thaedon\Downloads\aswMBR.exe
2014-02-08 18:32 - 2014-02-08 18:32 - 00004019 _____ () C:\Users\Thaedon\Desktop\attach.zip
2014-02-08 18:25 - 2014-02-08 18:25 - 00018420 _____ () C:\Users\Thaedon\Desktop\dds.txt
2014-02-08 18:25 - 2014-02-08 18:25 - 00011561 _____ () C:\Users\Thaedon\Desktop\attach.txt
2014-02-08 18:23 - 2014-02-08 18:23 - 00688992 ____R (Swearware) C:\Users\Thaedon\Downloads\dds.scr
2014-02-08 18:23 - 2014-02-08 18:23 - 00000000 ____D () C:\Windows\ERDNT
2014-02-08 18:22 - 2014-02-08 18:22 - 00791393 _____ (Lars Hederer ) C:\Users\Thaedon\Downloads\erunt-setup.exe
2014-02-08 18:22 - 2014-02-08 18:22 - 00000928 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000928 _____ () C:\Users\Thaedon\Desktop\NTREGOPT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000928 _____ () C:\Users\QBDataServiceUser23\Desktop\NTREGOPT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000909 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000909 _____ () C:\Users\Thaedon\Desktop\ERUNT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000909 _____ () C:\Users\QBDataServiceUser23\Desktop\ERUNT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-08 18:19 - 2014-02-08 18:19 - 00011353 _____ () C:\Users\Thaedon\Desktop\OWNER FINANCE.xlsx
2014-02-08 12:26 - 2014-02-08 12:26 - 00262144 ____N () C:\Windows\Minidump\020814-38641-01.dmp
2014-02-08 12:13 - 2014-02-08 12:13 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Macromedia
2014-02-08 12:10 - 2014-02-08 12:11 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Mozilla
2014-02-08 12:10 - 2014-02-08 12:10 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-08 12:10 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 12:10 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 12:02 - 2014-02-08 12:02 - 00282960 _____ (Mozilla) C:\Users\Thaedon\Downloads\Firefox Setup Stub 27.0.exe
2014-02-07 20:12 - 2014-02-07 20:12 - 00000000 ____D () C:\Users\Thaedon\Documents\Games for Windows - LIVE Demos
2014-02-07 16:22 - 2014-02-07 16:22 - 00262144 ____N () C:\Windows\Minidump\020714-65536-01.dmp
2014-02-06 11:14 - 2014-02-06 11:14 - 00020028 _____ () C:\Users\Thaedon\Desktop\Export.CSV
2014-02-04 19:04 - 2014-02-04 19:04 - 00055808 _____ () C:\Users\Thaedon\Desktop\Fix-Flip-Checklist.xls
2014-01-30 12:07 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 12:07 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 12:07 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 12:07 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 12:06 - 2014-01-30 12:07 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-29 09:16 - 2014-02-11 22:04 - 00000000 ____D () C:\Users\Thaedon\.freemind
2014-01-29 09:15 - 2014-01-29 09:15 - 00000000 ____D () C:\Program Files (x86)\FreeMind
2014-01-29 09:14 - 2014-01-29 09:15 - 38068733 _____ ( ) C:\Users\Thaedon\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe
2014-01-27 16:27 - 2014-01-27 16:27 - 00262144 ____N () C:\Windows\Minidump\012714-38267-01.dmp
2014-01-27 09:30 - 2014-01-27 09:30 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\eLicenser
2014-01-27 09:06 - 2014-01-27 09:06 - 00000000 ____D () C:\Windows\pss
2014-01-24 21:01 - 2014-01-24 21:02 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Thaedon\Downloads\KiesSetup.exe
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Thaedon\Documents\SelfMV
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Thaedon\Documents\samsung
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Samsung
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-01-24 20:53 - 2014-01-24 21:03 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-24 20:31 - 2014-01-24 20:28 - 11634004 _____ () C:\Users\Thaedon\Desktop\TwWallpaperChooser.zip
2014-01-24 20:21 - 2014-01-24 20:21 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Downloaded Installations
2014-01-24 20:11 - 2014-01-24 20:13 - 37141984 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Thaedon\Downloads\Kies3Setup.exe
2014-01-24 19:26 - 2014-01-24 19:29 - 00000000 ____D () C:\Users\Thaedon\Desktop\Photos
2014-01-24 19:21 - 2014-01-24 19:27 - 557720573 _____ (TODO: <Company name>) C:\Users\Thaedon\Downloads\SPH-D710_FL24_CL1173404_REV2_Rooted_Nodata.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 20:22 - 2014-01-21 20:22 - 04973244 _____ () C:\Users\Thaedon\Desktop\AttendeeViewerImage002.bmp
2014-01-21 20:21 - 2014-01-21 20:21 - 04973244 _____ () C:\Users\Thaedon\Desktop\AttendeeViewerImage001.bmp
2014-01-21 19:22 - 2014-01-21 19:22 - 04973244 _____ () C:\Users\Thaedon\Desktop\AttendeeViewerImage000.bmp
2014-01-21 13:14 - 2014-01-24 23:01 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Skype
2014-01-21 13:14 - 2014-01-21 13:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-21 13:14 - 2014-01-21 13:14 - 00000000 ____D () C:\ProgramData\Skype
2014-01-21 13:13 - 2014-01-21 13:14 - 35095200 _____ (Skype Technologies S.A.) C:\Users\Thaedon\Downloads\SkypeSetupFull.exe
2014-01-21 13:13 - 2014-01-21 13:13 - 00003180 _____ () C:\Windows\System32\Tasks\{8AF6B1DD-81C6-4691-8871-9EC122AC37D6}
2014-01-21 13:12 - 2014-01-21 13:12 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Thaedon\Downloads\SkypeSetup.exe
2014-01-17 21:01 - 2014-01-17 21:01 - 00000000 ___RD () C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-17 08:01 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-17 08:01 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-17 08:01 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-17 08:01 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-17 08:01 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-17 08:01 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-17 08:01 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-17 08:01 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-17 08:01 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-16 23:54 - 2014-02-16 23:53 - 00019155 _____ () C:\Users\Thaedon\Downloads\FRST.txt
2014-02-16 23:53 - 2014-02-16 23:53 - 00000000 ____D () C:\FRST
2014-02-16 23:53 - 2009-07-13 22:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 23:53 - 2009-07-13 22:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 23:52 - 2014-02-16 23:52 - 02152448 _____ (Farbar) C:\Users\Thaedon\Downloads\FRST64.exe
2014-02-16 23:50 - 2011-12-30 12:52 - 01621408 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 23:47 - 2013-06-24 20:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 23:47 - 2013-03-09 16:22 - 00000000 ___RD () C:\Users\Thaedon\Dropbox
2014-02-16 23:47 - 2012-03-27 20:10 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Dropbox
2014-02-16 23:46 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 23:46 - 2009-07-13 22:51 - 56591673 _____ () C:\Windows\setupact.log
2014-02-16 23:37 - 2010-11-20 21:47 - 00099344 _____ () C:\Windows\PFRO.log
2014-02-16 23:30 - 2012-05-03 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 23:21 - 2013-06-24 20:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 23:10 - 2011-12-31 00:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000UA.job
2014-02-16 23:07 - 2014-02-16 23:07 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 23:07 - 2014-02-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 23:06 - 2014-02-16 23:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thaedon\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-16 21:10 - 2011-12-31 00:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000Core.job
2014-02-16 21:05 - 2011-12-31 00:59 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000UA
2014-02-16 21:05 - 2011-12-31 00:59 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000Core
2014-02-16 18:08 - 2011-12-31 01:06 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\CheckPoint
2014-02-16 17:31 - 2011-12-31 01:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 17:23 - 2014-02-16 16:45 - 00000000 ____D () C:\AdwCleaner
2014-02-16 17:04 - 2014-02-16 17:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 17:03 - 2014-02-16 17:03 - 01037530 _____ (Thisisu) C:\Users\Thaedon\Downloads\JRT.exe
2014-02-16 16:43 - 2014-02-16 16:43 - 01166132 _____ () C:\Users\Thaedon\Downloads\AdwCleaner.exe
2014-02-16 15:49 - 2014-02-16 15:49 - 00050758 _____ () C:\Users\Thaedon\Desktop\VN-2014-02-16-08-33-44.AMR
2014-02-16 11:58 - 2013-12-13 16:35 - 00000060 _____ () C:\Windows\wpd99.drv
2014-02-16 11:58 - 2013-12-13 16:35 - 00000000 ____D () C:\ProgramData\pdf995
2014-02-15 22:16 - 2013-06-24 20:11 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 22:16 - 2013-06-24 20:11 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 16:01 - 2014-02-14 16:01 - 00009114 _____ () C:\Users\Thaedon\Desktop\James Jones Terms.xlsx
2014-02-14 10:07 - 2014-02-14 10:07 - 00262144 ____N () C:\Windows\Minidump\021414-45645-01.dmp
2014-02-14 10:07 - 2012-01-08 18:25 - 00000000 ____D () C:\Windows\Minidump
2014-02-13 20:10 - 2011-12-30 12:45 - 00000000 ____D () C:\Users\Thaedon
2014-02-11 22:04 - 2014-01-29 09:16 - 00000000 ____D () C:\Users\Thaedon\.freemind
2014-02-11 15:31 - 2014-02-11 15:31 - 00930440 _____ (CNET Download.com) C:\Users\Thaedon\Downloads\cbsidlm-cbsi176-VSDC_Free_Video_Editor-ORG-75764187.exe
2014-02-11 13:45 - 2013-07-13 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-11 13:41 - 2011-12-31 08:47 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-11 13:36 - 2012-12-13 17:07 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 13:36 - 2009-07-13 23:13 - 00773912 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 13:33 - 2014-02-11 12:43 - 00000000 ____D () C:\Program Files (x86)\MeeSoft
2014-02-11 13:32 - 2014-02-11 13:32 - 00007545 _____ () C:\Users\Thaedon\Desktop\Blind Offer Mind Map.mm
2014-02-11 13:24 - 2011-12-31 09:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-11 12:46 - 2014-02-11 12:46 - 00401496 _____ (NCH Software) C:\Users\Thaedon\Downloads\clickchartsetup.exe
2014-02-11 12:46 - 2014-02-11 12:46 - 00001202 _____ () C:\Users\Public\Desktop\ClickCharts Diagram Flowchart Software.lnk
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\Users\Thaedon\Documents\ClickCharts
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\ProgramData\NCH Software
2014-02-11 12:46 - 2014-02-11 12:46 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-02-11 12:43 - 2014-02-11 12:43 - 01393105 _____ () C:\Users\Thaedon\Downloads\DiagramDesignerSetup.exe
2014-02-11 09:06 - 2012-05-04 18:43 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Mozilla
2014-02-09 20:03 - 2012-01-08 14:51 - 00533716 _____ () C:\Windows\DirectX.log
2014-02-09 19:44 - 2014-02-09 19:44 - 00262144 ____N () C:\Windows\Minidump\020914-44319-01.dmp
2014-02-09 19:36 - 2014-02-09 19:36 - 00262144 ____N () C:\Windows\Minidump\020914-45630-01.dmp
2014-02-08 22:32 - 2014-02-08 22:32 - 00002016 _____ () C:\Users\Thaedon\Desktop\aswMBR.txt
2014-02-08 22:32 - 2014-02-08 22:32 - 00000512 _____ () C:\Users\Thaedon\Desktop\MBR.dat
2014-02-08 18:34 - 2014-02-08 18:34 - 04745728 _____ (AVAST Software) C:\Users\Thaedon\Downloads\aswMBR.exe
2014-02-08 18:32 - 2014-02-08 18:32 - 00004019 _____ () C:\Users\Thaedon\Desktop\attach.zip
2014-02-08 18:25 - 2014-02-08 18:25 - 00018420 _____ () C:\Users\Thaedon\Desktop\dds.txt
2014-02-08 18:25 - 2014-02-08 18:25 - 00011561 _____ () C:\Users\Thaedon\Desktop\attach.txt
2014-02-08 18:23 - 2014-02-08 18:23 - 00688992 ____R (Swearware) C:\Users\Thaedon\Downloads\dds.scr
2014-02-08 18:23 - 2014-02-08 18:23 - 00000000 ____D () C:\Windows\ERDNT
2014-02-08 18:22 - 2014-02-08 18:22 - 00791393 _____ (Lars Hederer ) C:\Users\Thaedon\Downloads\erunt-setup.exe
2014-02-08 18:22 - 2014-02-08 18:22 - 00000928 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000928 _____ () C:\Users\Thaedon\Desktop\NTREGOPT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000928 _____ () C:\Users\QBDataServiceUser23\Desktop\NTREGOPT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000909 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000909 _____ () C:\Users\Thaedon\Desktop\ERUNT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000909 _____ () C:\Users\QBDataServiceUser23\Desktop\ERUNT.lnk
2014-02-08 18:22 - 2014-02-08 18:22 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-08 18:22 - 2011-12-30 12:13 - 00000000 ___RD () C:\Users\Thaedon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-08 18:19 - 2014-02-08 18:19 - 00011353 _____ () C:\Users\Thaedon\Desktop\OWNER FINANCE.xlsx
2014-02-08 12:26 - 2014-02-08 12:26 - 00262144 ____N () C:\Windows\Minidump\020814-38641-01.dmp
2014-02-08 12:13 - 2014-02-08 12:13 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Macromedia
2014-02-08 12:11 - 2014-02-08 12:10 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Mozilla
2014-02-08 12:10 - 2014-02-08 12:10 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-08 12:10 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 12:10 - 2014-02-08 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 12:02 - 2014-02-08 12:02 - 00282960 _____ (Mozilla) C:\Users\Thaedon\Downloads\Firefox Setup Stub 27.0.exe
2014-02-07 20:12 - 2014-02-07 20:12 - 00000000 ____D () C:\Users\Thaedon\Documents\Games for Windows - LIVE Demos
2014-02-07 16:22 - 2014-02-07 16:22 - 00262144 ____N () C:\Windows\Minidump\020714-65536-01.dmp
2014-02-06 11:14 - 2014-02-06 11:14 - 00020028 _____ () C:\Users\Thaedon\Desktop\Export.CSV
2014-02-06 06:16 - 2014-02-11 13:31 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-11 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-11 13:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-11 13:31 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-11 13:31 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-11 13:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-11 13:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-11 13:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-11 13:31 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-11 13:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-11 13:31 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-11 13:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-11 13:31 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-11 13:31 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-11 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-11 13:31 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-11 13:31 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-11 13:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-11 13:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-11 13:31 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-11 13:31 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-11 13:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-11 13:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-11 13:31 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-11 13:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-11 13:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-11 13:31 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-11 13:31 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-11 13:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-11 13:31 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-11 13:31 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-11 13:31 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-11 13:31 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-11 13:31 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-11 13:31 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-11 13:31 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-11 13:31 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-11 13:31 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-11 13:31 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 16:30 - 2012-05-03 19:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 16:30 - 2012-05-03 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 16:30 - 2011-12-31 09:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 19:04 - 2014-02-04 19:04 - 00055808 _____ () C:\Users\Thaedon\Desktop\Fix-Flip-Checklist.xls
2014-01-30 18:15 - 2013-12-06 14:31 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-01-30 12:19 - 2013-12-04 14:50 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Microsoft Help
2014-01-30 12:07 - 2014-01-30 12:06 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 12:07 - 2013-10-20 18:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 12:07 - 2012-11-11 13:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-29 09:15 - 2014-01-29 09:15 - 00000000 ____D () C:\Program Files (x86)\FreeMind
2014-01-29 09:15 - 2014-01-29 09:14 - 38068733 _____ ( ) C:\Users\Thaedon\Downloads\FreeMind-Windows-Installer-1.0.0-max.exe
2014-01-27 16:27 - 2014-01-27 16:27 - 00262144 ____N () C:\Windows\Minidump\012714-38267-01.dmp
2014-01-27 09:30 - 2014-01-27 09:30 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\eLicenser
2014-01-27 09:06 - 2014-01-27 09:06 - 00000000 ____D () C:\Windows\pss
2014-01-27 08:49 - 2011-12-31 01:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-24 23:01 - 2014-01-21 13:14 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Skype
2014-01-24 21:03 - 2014-01-24 20:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-24 21:03 - 2012-01-05 20:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 21:02 - 2014-01-24 21:01 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Thaedon\Downloads\KiesSetup.exe
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Thaedon\Documents\SelfMV
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Thaedon\Documents\samsung
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Thaedon\AppData\Roaming\Samsung
2014-01-24 21:00 - 2014-01-24 21:00 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-01-24 20:28 - 2014-01-24 20:31 - 11634004 _____ () C:\Users\Thaedon\Desktop\TwWallpaperChooser.zip
2014-01-24 20:21 - 2014-01-24 20:21 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Downloaded Installations
2014-01-24 20:13 - 2014-01-24 20:11 - 37141984 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Thaedon\Downloads\Kies3Setup.exe
2014-01-24 19:29 - 2014-01-24 19:26 - 00000000 ____D () C:\Users\Thaedon\Desktop\Photos
2014-01-24 19:27 - 2014-01-24 19:21 - 557720573 _____ (TODO: <Company name>) C:\Users\Thaedon\Downloads\SPH-D710_FL24_CL1173404_REV2_Rooted_Nodata.exe
2014-01-23 09:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 20:22 - 2014-01-21 20:22 - 04973244 _____ () C:\Users\Thaedon\Desktop\AttendeeViewerImage002.bmp
2014-01-21 20:21 - 2014-01-21 20:21 - 04973244 _____ () C:\Users\Thaedon\Desktop\AttendeeViewerImage001.bmp
2014-01-21 19:22 - 2014-01-21 19:22 - 04973244 _____ () C:\Users\Thaedon\Desktop\AttendeeViewerImage000.bmp
2014-01-21 18:47 - 2013-10-30 12:02 - 00000000 ____D () C:\Users\Thaedon\AppData\Local\Citrix
2014-01-21 13:14 - 2014-01-21 13:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-21 13:14 - 2014-01-21 13:14 - 00000000 ____D () C:\ProgramData\Skype
2014-01-21 13:14 - 2014-01-21 13:13 - 35095200 _____ (Skype Technologies S.A.) C:\Users\Thaedon\Downloads\SkypeSetupFull.exe
2014-01-21 13:13 - 2014-01-21 13:13 - 00003180 _____ () C:\Windows\System32\Tasks\{8AF6B1DD-81C6-4691-8871-9EC122AC37D6}
2014-01-21 13:12 - 2014-01-21 13:12 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Thaedon\Downloads\SkypeSetup.exe
2014-01-17 21:01 - 2014-01-17 21:01 - 00000000 ___RD () C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-17 21:01 - 2013-12-06 14:31 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2014-01-17 09:04 - 2009-07-13 22:45 - 00431664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 08:07 - 2013-12-04 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
Files to move or delete:
====================
C:\ProgramData\hash.dat
Some content of TEMP:
====================
C:\Users\Thaedon\AppData\Local\Temp\Abspdf.exe
C:\Users\Thaedon\AppData\Local\Temp\acfpdfu.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfui.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Thaedon\AppData\Local\Temp\bridj.dll7796725762234905513.dll
C:\Users\Thaedon\AppData\Local\Temp\cdintf.dll
C:\Users\Thaedon\AppData\Local\Temp\DE1021.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Thaedon\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Thaedon\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Thaedon\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\Thaedon\AppData\Local\Temp\InstallAX.exe
C:\Users\Thaedon\AppData\Local\Temp\ITPx64_1033.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Thaedon\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Thaedon\AppData\Local\Temp\Quarantine.exe
C:\Users\Thaedon\AppData\Local\Temp\Social Club v1.1.0.1 Setup.exe
C:\Users\Thaedon\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Thaedon\AppData\Local\Temp\xmllite.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-18 11:21
==================== End Of Log ============================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by Thaedon at 2014-02-16 23:54:52
Running from C:\Users\Thaedon\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0.1 (x32 Version: 7.0.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Alien Swarm (x32 Version: - Valve)
Anodyne (x32 Version: - Sean Hogan and Jonathan Kittaka)
Another World (x32 Version: - Eric Chahi)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Artemis Spaceship Bridge Simulator (x32 Version: - )
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Awesomenauts (x32 Version: - Ronimo Games)
Batman: Arkham Asylum GOTY Edition (x32 Version: - Rocksteady Studios)
Batman: Arkham City GOTY (x32 Version: - Rocksteady Studios)
Battlefield: Bad Company 2 (x32 Version: - DICE)
Beat Hazard (x32 Version: - )
Bloodline Champions (x32 Version: - Stunlock Studios)
Booster Trooper (x32 Version: - DnS Development)
Borderlands (x32 Version: - Gearbox Software)
Borderlands 2 (x32 Version: - Gearbox Software)
calibre (x32 Version: 0.8.44 - Kovid Goyal)
Champions Online: Free For All (x32 Version: - Cryptic Studios)
Citrix Online Launcher (x32 Version: 1.0.135 - Citrix)
ClickCharts Diagram Flowchart Software (x32 Version: 1.03 - NCH Software)
Command and Conquer: Red Alert 3 - Uprising (x32 Version: - EA Los Angeles)
Company of Heroes (New Steam Version) (x32 Version: - )
Company of Heroes (x32 Version: - Relic)
Contagion (x32 Version: - Monochrome LLC)
Creative System Information (x32 Version: 1.10 - Creative Technology Limited)
Dark Souls: Prepare to Die Edition (x32 Version: - FromSoftware)
Deer Hunter 5 v1.2 (x32 Version: 1.02.0000 - Infogrames)
Deer Hunter 5 v1.2 (x32 Version: 1.02.0000 - Infogrames) Hidden
Defiance (x32 Version: - Trion Worlds)
DefianceRuntimes (x32 Version: 1.0.2 - Trion Worlds, Inc.)
Demigod (x32 Version: - Gas Powered Games)
Diablo III (x32 Version: 1.0.6.13644 - Blizzard Entertainment)
Doom 3 (x32 Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
Download Navigator (x32 Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Dungeon Defenders (x32 Version: - )
eLicenser Control (x32 Version: - Steinberg Media Technologies GmbH)
Endless Space (x32 Version: - Amplitude Studios)
EPSON Connect version 1.0 (x32 Version: 1.0 - Epson America Inc.)
Epson Customer Participation (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (x32 Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (x32 Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (x32 Version: - )
EPSON Scan (x32 Version: - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EpsonNet Print (x32 Version: 2.5.00 - SEIKO EPSON CORPORATION)
ERUNT 1.1j (x32 Version: - Lars Hederer)
EverQuest II (x32 Version: - Sony Online Entertainment)
Forge (x32 Version: - )
FreeMind (x32 Version: 1.0.0 - )
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.14.6059.644 - Google, Inc.)
Google Talk Plugin (x32 Version: 5.1.4.17398 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (x32 Version: - Monolith Productions, Inc. )
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
Grand Theft Auto IV (x32 Version: - Rockstar)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (x32 Version: - Rockstar)
Greed Corp (x32 Version: - W!Games)
Guardians of Middle-earth (x32 Version: - Zombie Studios)
Guns of Icarus Online (x32 Version: - )
Half-Life Dedicated Server Update Tool (x32 Version: - )
HandBrake 0.9.8 (x32 Version: 0.9.8 - )
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0 - Hi-Rez Studios)
HOARD (x32 Version: - Big Sandwich Games)
Homefront (x32 Version: - THQ)
Incredipede (x32 Version: - Colin Northway with art by Thomas Shahan)
Iron Grip: Marauders (x32 Version: - )
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
L.A. Noire (x32 Version: - Rockstar)
Lara Croft and the Guardian of Light (x32 Version: - Crystal Dynamics Inc.)
League of Legends (x32 Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead (x32 Version: - Valve)
Left 4 Dead 2 (x32 Version: - Valve)
Magic: The Gathering — Duels of the Planeswalkers 2012 (x32 Version: - )
Magicka (x32 Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvel Heroes (x32 Version: - Gazillion Entertainment)
Max Payne 3 (x32 Version: - Rockstar)
Medal of Honor(TM) Multiplayer (x32 Version: - Electronic Arts)
Memoir '44 Online (x32 Version: - )
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Mortal Kombat Kollection (x32 Version: - Other Ocean Interactive)
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nation Red (x32 Version: - Diezel Power)
Natural Selection 2 (x32 Version: - Unknown Worlds Entertainment)
Neverwinter (x32 Version: - Cryptic Studios)
Novel Writing Software 2.0 (x32 Version: - Marshall/Jewett)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Omerta - City of Gangsters (x32 Version: - Haemimont Games)
Origin (x32 Version: 9.3.1.4482 - Electronic Arts, Inc.)
Panzar (x32 Version: - Troxit Service)
Path of Exile (x32 Version: - Grinding Gear Games)
Pdf995 (x32 Version: - )
PDFtoEPUB (x32 Version: 1.5.0 - DNAML Pty Ltd.)
PHASE 88 ControlPanel (x32 Version: 5.40 - )
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PlanetSide 2 (x32 Version: - Sony Online Entertainment)
Portal 2 (x32 Version: - Valve)
PunkBuster Services (x32 Version: 0.988 - Even Balance, Inc.)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2013 (x32 Version: 23.0.4001.2305 - Intuit Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RAGE (x32 Version: - id Software)
Red Faction (x32 Version: - )
Renaissance Heroes (x32 Version: - ChangYou.com (US), Inc. (GameFuse.com))
Rise of the Triad (x32 Version: - Interceptor Entertainment)
RISK Factions (x32 Version: - Electronic Arts)
Rockstar Games Social Club (x32 Version: 1.1.0.6 - Rockstar Games)
Sacred 2 Gold (x32 Version: - )
Saints Row: The Third (x32 Version: - Volition)
Sanctum (x32 Version: - )
Scribblenauts Unlimited (x32 Version: - 5th Cell Media)
Sid Meier's Civilization V (x32 Version: - 2K Games, Inc.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster Tactic(3D) Alpha (x32 Version: 1.0 - Creative Technology Limited)
Spiral Knights (x32 Version: - SEGA)
Star Conflict (x32 Version: - Star Gem Inc.)
Star Trek Online (x32 Version: - Cryptic Studios)
Star Wars Republic Commando (x32 Version: - LucasArts)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase 6 64bit (Version: 6.0.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (x32 Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (Version: 1.5.0 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (x32 Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (x32 Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (x32 Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Team Fortress 2 (x32 Version: - Valve)
The Incredible Adventures of Van Helsing (x32 Version: - NeocoreGames)
The Sims™ 3 (x32 Version: 1.42.130 - Electronic Arts)
The Swapper (x32 Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
Ticket to Ride (x32 Version: - Days of Wonder)
Titan Quest (x32 Version: - IronLore)
Titan Quest: Immortal Throne (x32 Version: - IronLore)
Torchlight II (x32 Version: - )
Tower Wars (x32 Version: - SuperVillain Studios)
Tribes: Ascend (x32 Version: - )
Trine 2 (x32 Version: - Frozenbyte)
Tropico 4 (x32 Version: - )
Turba (x32 Version: - Binary Takeover)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Ventrilo Client for Windows x64 (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Audio Cable 4.9 (Version: - )
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
Warframe (x32 Version: - Digital Extremes)
Warhammer® 40,000™: Dawn of War® II (x32 Version: - Relic)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
ZoneAlarm Firewall (x32 Version: 10.2.074.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (x32 Version: 10.2.074.000 - Check Point)
ZoneAlarm Security (x32 Version: 10.2.074.000 - Check Point Software Technologies Ltd.) Hidden
==================== Restore Points =========================
25-01-2014 02:52:55 Installed Samsung Kies3
25-01-2014 03:02:49 Removed Samsung Kies3
30-01-2014 18:05:02 Installed Java 7 Update 51
10-02-2014 02:00:58 Installed DirectX
11-02-2014 19:30:40 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {054F7F90-FB94-49F6-BAB4-A7A339CBD1FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {1D78ACD2-8792-4227-B192-2C1D7DE3486D} - System32\Tasks\{9D2BE2B1-A6F3-4E92-A403-B097BE5CFD57} => C:\Program Files (x86)\Novel Writing Software\Novel Writing Software.exe [2013-04-07] (Evan Marshall and Martha Jewett)
Task: {5BC0E102-D147-42C8-B73B-6F85A1E5903E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {72118408-9C36-4117-A14F-FE6B9CDA9209} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000UA => C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31] (Google Inc.)
Task: {9EE254ED-1CC1-48FE-8482-7684AF3F10E3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CAB2AFE4-2F8E-43F8-8D6F-C3FC7F624D2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000Core => C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31] (Google Inc.)
Task: {D5D6EC48-5B41-4F56-A7D0-D977BF783DCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {E0FEA76C-8F8B-499C-80D6-B4566FBB05C8} - System32\Tasks\{8AF6B1DD-81C6-4691-8871-9EC122AC37D6} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002
Task: {EFE85C4B-EC27-40C1-B987-5699D7773079} - System32\Tasks\NCH Software\ClickChartsSevenDays => C:\Program Files (x86)\NCH Software\ClickCharts\ClickCharts.exe [2013-11-06] (NCH Software)
Task: {F9EA1C36-719F-474A-AA5B-C4722FF1A758} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000Core.job => C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000UA.job => C:\Users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Loaded Modules (whitelisted) =============
2012-01-08 14:52 - 2012-01-08 14:52 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Thaedon\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-04 05:20 - 2014-02-01 17:42 - 04055368 _____ () C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 05:20 - 2014-02-01 17:42 - 00399688 _____ () C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 05:20 - 2014-02-01 17:41 - 01634632 _____ () C:\Users\Thaedon\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2013-11-13 20:58 - 2013-11-13 20:58 - 04591616 _____ () C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2013-11-13 20:58 - 2013-11-13 20:58 - 00112128 _____ () C:\Users\Thaedon\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\Services: QuickBooksDB23 => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/16/2014 11:47:04 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/16/2014 11:38:53 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/16/2014 06:51:30 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (02/16/2014 11:46:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (02/16/2014 11:39:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (02/16/2014 06:51:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Microsoft Office Sessions:
=========================
Error: (12/19/2013 08:59:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 61090 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-02-16 23:32:37.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 23:00:34.011
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 22:49:04.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 22:18:40.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 19:19:54.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 18:35:11.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 17:18:21.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 17:02:15.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 16:43:33.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 15:48:37.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 30%
Total physical RAM: 8191.16 MB
Available physical RAM: 5675.39 MB
Total Pagefile: 16380.51 MB
Available Pagefile: 13734.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:269.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7E355409)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================
It also seems the computer is booting much faster. Earlier, dropbox would take several minutes to sync. Now it is almost instant.
yes!
Running from C:\Users\Thaedon\Downloads <-- needs to be moved/placed on desktop to ensure the fix runs correctly.
You can go to downloads folder, right click and select Send to....chose desktop.
Or you can delete the FRST program, download it again, then save to desktop.
Firefox
you press the orange Firefox button in the top left corner >> Options
Beneath where it shows homepage, click on save files to desktop
Chrome --
Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop
Then follow these instructions below
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\...\RunOnce: [CTPostBootSequencer] - "C:\Users\Thaedon\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
C:\ProgramData\hash.dat
C:\Users\Thaedon\AppData\Local\Temp\Abspdf.exe
C:\Users\Thaedon\AppData\Local\Temp\acfpdfu.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfui.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Thaedon\AppData\Local\Temp\bridj.dll7796725762234905513.dll
C:\Users\Thaedon\AppData\Local\Temp\cdintf.dll
C:\Users\Thaedon\AppData\Local\Temp\DE1021.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Thaedon\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Thaedon\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Thaedon\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\Thaedon\AppData\Local\Temp\InstallAX.exe
C:\Users\Thaedon\AppData\Local\Temp\ITPx64_1033.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Thaedon\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Thaedon\AppData\Local\Temp\Quarantine.exe
C:\Users\Thaedon\AppData\Local\Temp\Social Club v1.1.0.1 Setup.exe
C:\Users\Thaedon\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Thaedon\AppData\Local\Temp\xmllite.dll
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~~~~~~~~~`
Depending how full your computer is this scan can take quite a bit of time to run and complete. Please be patient also, if it finds items don't be alarmed because we do expect to see hits on malicious files already in quarantine folders from other scanners.
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by Thaedon at 2014-02-17 10:48:35 Run:1
Running from C:\Users\Thaedon\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\...\RunOnce: [CTPostBootSequencer] - "C:\Users\Thaedon\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
C:\ProgramData\hash.dat
C:\Users\Thaedon\AppData\Local\Temp\Abspdf.exe
C:\Users\Thaedon\AppData\Local\Temp\acfpdfu.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfui.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Thaedon\AppData\Local\Temp\bridj.dll7796725762234905513.dll
C:\Users\Thaedon\AppData\Local\Temp\cdintf.dll
C:\Users\Thaedon\AppData\Local\Temp\DE1021.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Thaedon\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Thaedon\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Thaedon\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\Thaedon\AppData\Local\Temp\InstallAX.exe
C:\Users\Thaedon\AppData\Local\Temp\ITPx64_1033.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Thaedon\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Thaedon\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Thaedon\AppData\Local\Temp\Quarantine.exe
C:\Users\Thaedon\AppData\Local\Temp\Social Club v1.1.0.1 Setup.exe
C:\Users\Thaedon\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Thaedon\AppData\Local\Temp\xmllite.dll
end
*****************
HKU\S-1-5-21-1026113764-1157268055-2123133849-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CTPostBootSequencer => Value deleted successfully.
HKCR\PROTOCOLS\Handler\intu-help-qb6 => Key deleted successfully.
HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491} => Key not found.
HKCR\PROTOCOLS\Handler\qbwc => Key deleted successfully.
HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57} => Key not found.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\Abspdf.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\acfpdfu.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuamd64.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\acfpdfui.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuia64.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiamd64.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\acfpdfuiia64.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\bridj.dll7796725762234905513.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\cdintf.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\DE1021.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7370014.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7380014.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\drm_dyndata_7410004.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\HiRezLauncherControls.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\InstallAX.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\ITPx64_1033.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\PCCheckupInstaller.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\PDFPRT400.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\Social Club v1.1.0.1 Setup.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\xmllite.dll => Moved successfully.
==== End of Fixlog ====
ESETSCAN
C:\$Recycle.Bin\S-1-5-21-1026113764-1157268055-2123133849-1000\$RMFRY11.exe a variant of Win32/InstallCore.IK potentially unwanted application
C:\FRST\Quarantine\ICReinstall_FirefoxSetup.exe17-02-2014_10-48-35 a variant of Win32/InstallCore.IK potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Thaedon\Downloads\cbsidlm-cbsi176-VSDC_Free_Video_Editor-ORG-75764187.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Thaedon\Downloads\PFPortChecker (1).exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Thaedon\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Thaedon\Downloads\zafwSetupWeb_102_074_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Thaedon\Downloads\zafwSetupWeb_110_000_038.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Thaedon\Downloads\zaSetupWeb_101_079_000.exe Win32/Toolbar.Conduit potentially unwanted application
OK, let's remove those bad files.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\$Recycle.Bin\S-1-5-21-1026113764-1157268055-2123133849-1000\$RMFRY11.exe
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnIC.dll
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnToolbarInstaller.exe
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740 (1).exe
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740.exe
C:\Users\Thaedon\Downloads\cbsidlm-cbsi176-VSDC_Free_Video_Editor-ORG-75764187.exe
C:\Users\Thaedon\Downloads\PFPortChecker (1).exe
C:\Users\Thaedon\Downloads\PFPortChecker.exe
C:\Users\Thaedon\Downloads\zafwSetupWeb_102_074_000.exe
C:\Users\Thaedon\Downloads\zafwSetupWeb_110_000_038.exe
C:\Users\Thaedon\Downloads\zaSetupWeb_101_079_000.exe
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
**************
Please post the Fixlog.txt and give me comments on how the computer is at the moment.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by Thaedon at 2014-02-18 09:54:30 Run:2
Running from C:\Users\Thaedon\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\$Recycle.Bin\S-1-5-21-1026113764-1157268055-2123133849-1000\$RMFRY11.exe
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnIC.dll
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnToolbarInstaller.exe
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740 (1).exe
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740.exe
C:\Users\Thaedon\Downloads\cbsidlm-cbsi176-VSDC_Free_Video_Editor-ORG-75764187.exe
C:\Users\Thaedon\Downloads\PFPortChecker (1).exe
C:\Users\Thaedon\Downloads\PFPortChecker.exe
C:\Users\Thaedon\Downloads\zafwSetupWeb_102_074_000.exe
C:\Users\Thaedon\Downloads\zafwSetupWeb_110_000_038.exe
C:\Users\Thaedon\Downloads\zaSetupWeb_101_079_000.exe
end
*****************
C:\$Recycle.Bin\S-1-5-21-1026113764-1157268055-2123133849-1000\$RMFRY11.exe => Moved successfully.
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnIC.dll => Moved successfully.
C:\Users\Thaedon\AppData\Local\Temp\nsf8603.tmp\ApnToolbarInstaller.exe => Moved successfully.
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740 (1).exe => Moved successfully.
C:\Users\Thaedon\Downloads\cbsidlm-cbsi134-DisplayShare-SEO-10908740.exe => Moved successfully.
C:\Users\Thaedon\Downloads\cbsidlm-cbsi176-VSDC_Free_Video_Editor-ORG-75764187.exe => Moved successfully.
C:\Users\Thaedon\Downloads\PFPortChecker (1).exe => Moved successfully.
C:\Users\Thaedon\Downloads\PFPortChecker.exe => Moved successfully.
C:\Users\Thaedon\Downloads\zafwSetupWeb_102_074_000.exe => Moved successfully.
C:\Users\Thaedon\Downloads\zafwSetupWeb_110_000_038.exe => Moved successfully.
C:\Users\Thaedon\Downloads\zaSetupWeb_101_079_000.exe => Moved successfully.
==== End of Fixlog ====
give me comments on how the computer is at the moment.
Well, I was thinking everything was okay. Computer still boots much quicker, I have not had any crashes, and I have had no problems with Chrome.
BUT FireFox just now opened two windows underneath the Chrome window I was using. I should have paid more attention to what they said before closing them. They weren't web pages, but a white screen with two columns of text, probably 8 lines each with checkboxes next to them. Another program, ClickCharts, also opened and ZoneAlarm stopped it from accessing the internet. I could not have accidentally opened these because I was typing an email at the time. :confused:
ClickCharts <== look in add remove programs list for this. From what I've found it's a legit application.
Wish you could had read some sort of text for the Firefox pop up.
Might be we will have to uninstall then reinstall.....
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
ComboFix 14-02-18.01 - Thaedon 02/18/2014 22:02:39.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5636 [GMT -6:00]
Running from: c:\users\Thaedon\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\2880RobinetteLeasingpffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\2880RobinetteLeasingreviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\2880RobinetteLeasingreviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\2880RobinetteLeasingtaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3248RobinetteLeasingpffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3248RobinetteLeasingreviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3248RobinetteLeasingreviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3248RobinetteLeasingtaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528BlankFilepffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528BlankFilereviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528BlankFilereviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528BlankFiletaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528RobinettePropertiespffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528RobinettePropertiesreviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528RobinettePropertiesreviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\3528RobinettePropertiestaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944PersonalRealEstatepffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944PersonalRealEstatereviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944PersonalRealEstatereviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944PersonalRealEstatetaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944RobinetteLeasingpffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944RobinetteLeasingreviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944RobinetteLeasingreviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944RobinetteLeasingtaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072PersonalRealEstatepffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072PersonalRealEstatereviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072PersonalRealEstatereviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072PersonalRealEstatetaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072RobinetteLeasingpffcenter.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072RobinetteLeasingreviewDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072RobinetteLeasingreviewNotesPopUp.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\7072RobinetteLeasingtaskNotesDialog.html
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.css
c:\users\Thaedon\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\Thaedon\AppData\Roaming\mm
c:\users\Thaedon\AppData\Roaming\mm\cache\.cache
c:\users\Thaedon\AppData\Roaming\mm\cache\ImageLoader\0D51E9900D2C17AA30F9D5B537BA8FCE
c:\users\Thaedon\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8
.
.
((((((((((((((((((((((((( Files Created from 2014-01-19 to 2014-02-19 )))))))))))))))))))))))))))))))
.
.
2014-02-19 04:15 . 2014-02-19 04:15 -------- d-----w- c:\users\QBDataServiceUser23\AppData\Local\temp
2014-02-19 04:15 . 2014-02-19 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 16:53 . 2014-02-17 16:53 -------- d-----w- c:\program files (x86)\ESET
2014-02-17 05:53 . 2014-02-18 15:54 -------- d-----w- C:\FRST
2014-02-17 05:07 . 2014-02-17 05:07 -------- d-----w- c:\users\Thaedon\AppData\Roaming\Malwarebytes
2014-02-17 05:07 . 2014-02-17 05:07 -------- d-----w- c:\programdata\Malwarebytes
2014-02-17 05:07 . 2014-02-17 05:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-17 05:07 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-16 23:04 . 2014-02-16 23:04 -------- d-----w- c:\windows\ERUNT
2014-02-16 22:45 . 2014-02-16 23:23 -------- d-----w- C:\AdwCleaner
2014-02-11 19:33 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-11 19:33 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-11 19:30 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-11 19:29 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-11 19:29 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-11 19:29 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-11 19:29 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-11 19:29 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-11 19:29 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-11 19:29 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-11 19:29 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-11 19:29 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-11 19:29 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-11 18:46 . 2014-02-11 18:46 -------- d-----w- c:\programdata\NCH Software
2014-02-11 18:46 . 2014-02-11 18:46 -------- d-----w- c:\program files (x86)\NCH Software
2014-02-11 18:43 . 2014-02-11 19:33 -------- d-----w- c:\program files (x86)\MeeSoft
2014-02-09 00:22 . 2014-02-09 00:22 -------- d-----w- c:\program files (x86)\ERUNT
2014-02-08 18:13 . 2014-02-08 18:13 -------- d-----w- c:\users\Thaedon\AppData\Local\Macromedia
2014-02-08 18:10 . 2014-02-08 18:11 -------- d-----w- c:\users\Thaedon\AppData\Local\Mozilla
2014-02-08 18:10 . 2014-02-08 18:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-30 18:07 . 2013-12-19 03:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 15:16 . 2014-02-12 04:04 -------- d-----w- c:\users\Thaedon\.freemind
2014-01-29 15:15 . 2014-01-29 15:15 -------- d-----w- c:\program files (x86)\FreeMind
2014-01-27 15:30 . 2014-01-27 15:30 -------- d-----w- c:\users\Thaedon\AppData\Local\eLicenser
2014-01-25 03:00 . 2014-01-25 03:00 -------- d-----w- c:\users\Thaedon\AppData\Roaming\Samsung
2014-01-25 02:53 . 2014-01-25 03:03 -------- d-----w- c:\program files (x86)\Samsung
2014-01-25 02:21 . 2014-01-25 02:21 -------- d-----w- c:\users\Thaedon\AppData\Local\Downloaded Installations
2014-01-22 14:52 . 2014-01-22 14:52 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 14:52 . 2014-01-22 14:52 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-21 19:14 . 2014-01-25 05:01 -------- d-----w- c:\users\Thaedon\AppData\Roaming\Skype
2014-01-21 19:14 . 2014-01-21 19:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-01-21 19:14 . 2014-01-21 19:14 -------- d-----r- c:\program files (x86)\Skype
2014-01-21 19:14 . 2014-01-21 19:14 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-11 19:41 . 2011-12-31 14:47 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-05 22:30 . 2012-05-04 01:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 22:30 . 2011-12-31 15:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-13 22:49 . 2013-12-13 22:35 40448 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2013-11-27 01:41 . 2014-01-17 14:01 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-17 14:01 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-17 14:01 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-17 14:01 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-17 14:01 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-17 14:01 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-17 14:01 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-17 14:01 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-17 14:01 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 19:39 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:39 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Thaedon\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Thaedon\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Thaedon\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-03 73392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
.
c:\users\Thaedon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thaedon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-3-9 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 QuickBooksDB23;QuickBooksDB23;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R4 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 ews88mt;EWS88 WDM Audio;c:\windows\system32\drivers\ews88wdm.sys;c:\windows\SYSNATIVE\drivers\ews88wdm.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 22:30]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25 02:11]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25 02:11]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000Core.job
- c:\users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 06:59]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026113764-1157268055-2123133849-1000UA.job
- c:\users\Thaedon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 06:59]
.
2013-01-20 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://idp.mls.ntreis.net/idp/Authn/UserPassword
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Thaedon\AppData\Roaming\Mozilla\Firefox\Profiles\5fgiqjc6.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Thaedon\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Thaedon\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-ISW - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,5c,61,ec,08,7b,dd,a2,25,f2,cd,98,46,e6,fa,76,cb,7b,54,18,c4,
09,e8,ec,64,87,68,1c,19,2c,36,da,07,43,3b,aa,32,35,3b,a0,10,30,b7,d2,49,de,\
"rkeysecu"=hex:52,04,ad,27,49,63,02,11,10,c0,17,91,94,63,e2,53
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}]
@DACL=(02 0000)
@="GoToMeeting Outlook COM Addin"
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1026113764-1157268055-2123133849-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-18 22:18:40
ComboFix-quarantined-files.txt 2014-02-19 04:18
.
Pre-Run: 287,977,254,912 bytes free
Post-Run: 297,304,547,328 bytes free
.
- - End Of File - - 3EFB820A5B3DE76D6CD18808B4E8F853
--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit (http://www.adlice.com/softs/roguekiller/RogueKiller.exe) or Roguekiller for 64bit (http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe)
Quit all programs that you may have started.
Please disconnect any external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
When the scan completes > Close out the program > Don't Fix anything!
Click on "Report" and copy/paste the content of the Notepad into your next reply.
the scan will make two reports the one I would like to see is called RKreport[1].txt on your Desktop
Exit/Close RogueKiller+
It only saved one report. Here it is:
RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Thaedon [Admin rights]
Mode : Scan -- Date : 02/19/2014 15:41:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) NVIDIA MIRROR 931.51G +++++
--- User ---
[MBR] d5a7931d9563003b797a74651f65f04c
[BSP] 9e22efed6aa7660d74542ab8a54dbe1a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
Finished : << RKreport[0]_S_02192014_154144.txt >>
Chrome is now back to the original problem of only displaying a white page when pressing the back or refresh buttons. :sad:
We need to reset Chrome back to defaults to completely clear out what is going on.
We can keep the bookmarks by exporting them - Export Bookmarks (http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816)
Then I need you to go Google Sync (https://www.google.com/settings/chrome/sync) and sign into your account
scroll down untill you see the "Stop and Clear" button and click on button
At the prompt click on "Ok"
Now we need to uninstall chrome
I want you to uninstall Chrome and if asked about user data or settings then remove this also restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome (https://www.google.com/intl/en/chrome/browser/)
After you have Chrome reinstalled please check things out and let me know how it is doing.
Run RogueKiller again and click Scan
When the scan completes > this time allow it to fix/delete
Post back the report which should be located on your desktop.
I'm still seeing the same problem with Chrome after uninstall/reboot/reinstall.
RKreport
RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Thaedon [Admin rights]
Mode : DNSFix -- Date : 02/19/2014 21:18:53
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[0]_DN_02192014_211853.txt >>
RKreport[0]_D_02192014_211837.txt;RKreport[0]_H_02192014_211849.txt;RKreport[0]_S_02192014_154144.txt
RKreport[0]_S_02192014_155008.txt;RKreport[0]_S_02192014_211756.txt
I don't think it's a malware problem but rather an application issue.
Read over the below link and try a couple of suggestions there.
https://support.mozilla.org/en-US/questions/970863
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.