Max Spyware defender



TechnoDino
2014-02-13, 01:56
Requested information follows. Used 7zip for attach.zip since the native Windows zip function is not working on this desktop. Working on some other user accounts; efforts to restart the zip function on this desktop failed. Could not figure out how to save just the top portion of the Spybot log file. I saved it all in a zip file; it is included in the Everything.zip file. The Everything.zip folder contains all the information. As a side note, the security center got turned off. Some DLLs in the System32 directory may also be corrupted. SFC scan run. Not sure if it fixed everything.

Edit: http://forums.spybot.info/showthread.php?70172-Max-Spyware-Detector&p=450230#post450230

In an attempt to remove:
Windows Control Panel uninstall
DOS commands (rd and deltree; even with the hidden attribute turned on, the directory could not be found)
Microsoft Security Essentials
Spybot 2.1 - I have a true Administrator account and run Spybot while logged in as Administrator
Malwarebytes Anti-Malware
ComboFix

This is one tough bugger to remove

DDS

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-12 15:26:42
-----------------------------
15:26:42.663 OS Version: Windows 6.0.6002 Service Pack 2
15:26:42.663 Number of processors: 4 586 0x202
15:26:42.663 ComputerName: JOHN-PC UserName: John
15:26:43.474 Initialize success
15:27:33.129 AVAST engine defs: 14021202
15:27:44.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
15:27:44.330 Disk 0 Vendor: WDC_WD16 08.0 Size: 152627MB BusType: 6
15:27:44.330 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
15:27:44.345 Disk 1 Vendor: ST310005 CC38 Size: 953869MB BusType: 6
15:27:44.829 Disk 0 MBR read successfully
15:27:44.844 Disk 0 MBR scan
15:27:44.891 Disk 0 Windows VISTA default MBR code
15:27:44.907 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:27:44.969 Disk 0 scanning sectors +312576705
15:27:45.546 Disk 0 scanning C:\Windows\system32\drivers
15:28:29.975 Service scanning
15:28:59.615 Service MpKsl6202fea2 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23EFF374-4473-4671-B37C-E815B175D789}\MpKsl6202fea2.sys **LOCKED** 32
15:29:34.372 Modules scanning
15:29:43.670 Disk 0 trace - called modules:
15:29:43.716 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
15:29:43.732 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87fcbac8]
15:29:43.748 3 CLASSPNP.SYS[8afc58b3] -> nt!IofCallDriver -> [0x86dc0cc0]
15:29:43.763 5 acpi.sys[83c106bc] -> nt!IofCallDriver -> \Device\0000005f[0x86e04958]
15:29:44.777 AVAST engine scan C:\Windows
15:29:50.846 AVAST engine scan C:\Windows\system32
15:40:16.578 AVAST engine scan C:\Windows\system32\drivers
15:41:37.294 AVAST engine scan C:\Users\John
15:56:33.609 AVAST engine scan C:\ProgramData
16:18:46.078 Scan finished successfully
16:19:30.007 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
16:19:30.039 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"


Juliet
2014-02-13, 14:01
Let's see what we can do.

Please copy and paste the logs to your replies.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) <-- to your desktop

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))

and Tutorial
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

TechnoDino
2014-02-13, 23:01
2 separate posts. One post exceeds the file size limit. Here we go. All the files you requested.

rkill

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/13/2014 02:35:57 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* MaxMerger Stopped. [DoctoAntivirus-PUP]
* MaxWatchDogService Stopped. [DoctoAntivirus-PUP]

2 services stopped!

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Disabled

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/13/2014 02:37:07 PM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by John (administrator) on JOHN-PC on 13-02-2014 14:41:39
Running from C:\Users\John\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Abine Inc.) C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11004520 2011-09-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-164766087-4118575548-873725582-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-164766087-4118575548-873725582-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-164766087-4118575548-873725582-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKCU - DefaultScope {65ACE837-41DC-4A8A-A9A9-B3F9164DF26C} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {65ACE837-41DC-4A8A-A9A9-B3F9164DF26C} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Do Not Track Me - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine Inc)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://webvpn.ben.edu/+CSCOL+/relayp.cab
DPF: {5DD00D19-478E-4086-BE54-616723EB8EC8} http://boa.menulink.net/americasbetterburger/MLInstall.ocx
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
S4 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
S4 Cyphertite; C:\Program Files\Cyphertite\ctd.exe [2406248 2013-09-17] ()
S4 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
S4 Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
S2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
S2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
S4 MSI_SuperCharger; C:\Program Files\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S4 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [3947320 2012-07-12] (Trend Micro Inc.)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [50312 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [44680 2011-12-22] ()
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17032 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [187016 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-12-28] (Acronis)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PTHDRBUS; system32\DRIVERS\PTHDRBUS.sys [X]
S3 PTHDRMDM; system32\DRIVERS\PTHDRMDM.sys [X]
S3 PTHDRVSP; system32\DRIVERS\PTHDRVSP.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 14:41 - 2014-02-13 14:42 - 00011558 _____ () C:\Users\John\Desktop\FRST.txt
2014-02-13 14:39 - 2014-02-13 14:41 - 00000000 ____D () C:\FRST
2014-02-13 14:39 - 2014-02-13 14:39 - 01141248 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-02-13 14:35 - 2014-02-13 14:37 - 00002620 _____ () C:\Users\John\Desktop\Rkill.txt
2014-02-13 14:35 - 2014-02-13 14:35 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\rkill.exe
2014-02-12 18:09 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:09 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:09 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:09 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:09 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:09 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:09 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 18:09 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:09 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:09 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:09 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:09 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:09 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:09 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:09 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 18:09 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 17:27 - 2014-02-12 17:27 - 00007453 _____ () C:\Users\Administrator\Desktop\Scan Results.140212-1701.zip
2014-02-12 17:01 - 2014-02-12 17:01 - 00049118 _____ () C:\Users\Administrator\Desktop\Scan Results.140212-1701.txt
2014-02-12 13:51 - 2014-02-12 13:51 - 04745728 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
2014-02-12 13:47 - 2014-02-12 13:47 - 00688992 ____R (Swearware) C:\Users\John\Desktop\dds.scr
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\Mary\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\Bethany\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\Administrator\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\Mary\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\John\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\Bethany\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000000 ____D () C:\Program Files\ERUNT
2014-02-12 13:21 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 13:00 - 2014-02-12 13:00 - 00016894 _____ () C:\ComboFix.txt
2014-02-12 12:31 - 2014-02-12 13:42 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 18:21 - 2014-02-11 18:21 - 00000757 _____ () C:\Users\John\Desktop\070428Passwords - Shortcut.lnk
2014-02-09 06:56 - 2014-02-09 06:56 - 00000866 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 06:56 - 2014-02-09 06:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 06:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-09 05:49 - 2014-02-13 14:35 - 00000000 ____D () C:\Windows\system32\WaitingForMerge
2014-02-09 05:49 - 2014-02-09 05:58 - 00000000 ____D () C:\Windows\system32\SDLiveupdate
2014-02-09 05:40 - 2014-02-12 18:44 - 00372916 _____ () C:\Windows\PFRO.log
2014-02-08 22:33 - 2014-02-11 15:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DoNotTrackPlus
2014-02-08 22:31 - 2014-02-12 17:06 - 00108454 _____ () C:\Windows\wininit.ini
2014-02-08 19:37 - 2014-02-08 19:37 - 00001737 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-08 19:37 - 2014-02-04 20:04 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-08 19:37 - 2013-10-17 08:39 - 00450660 ____R () C:\Windows\system32\Drivers\etc\hosts.backup
2014-02-08 19:36 - 2014-02-08 22:31 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-08 19:36 - 2014-02-07 11:20 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-08 19:36 - 2014-02-07 11:20 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-08 19:36 - 2014-02-07 11:20 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-08 19:36 - 2014-02-07 11:20 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-08 19:36 - 2014-02-07 11:20 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-08 19:36 - 2014-02-07 11:20 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-08 19:36 - 2014-02-07 11:20 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-08 19:33 - 2014-02-08 19:36 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-08 19:28 - 2014-02-08 19:29 - 232949192 _____ (Max Secure Software ) C:\Users\John\Desktop\MaxSpywaredetector.exe
2014-02-08 19:11 - 2014-02-08 19:11 - 00000000 ____D () C:\Users\John\AppData\Local\Max Secure Software
2014-02-08 19:10 - 2014-02-08 19:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\GetRightToGo
2014-01-24 20:05 - 2014-01-24 20:05 - 00100944 _____ () C:\Users\John\Desktop\SketchUcationTools_v2.5.1.rbz
2014-01-24 08:51 - 2014-01-24 08:53 - 00000000 ____D () C:\Users\John\AdobeLicensingFilesBackup
2014-01-23 21:13 - 2014-02-12 21:09 - 00000000 ____D () C:\Users\John\AppData\Local\DoNotTrackPlus
2014-01-23 21:12 - 2014-01-23 21:12 - 00000000 ____D () C:\Program Files\DoNotTrackPlus
2014-01-23 12:38 - 2014-01-23 12:38 - 00000770 _____ () C:\Users\Public\Desktop\OneNote 2010 Sort Utility.lnk
2014-01-23 12:38 - 2014-01-23 12:38 - 00000000 ____D () C:\Program Files\OneNote
2014-01-17 20:32 - 2014-01-17 20:32 - 00000800 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-01-17 20:32 - 2014-01-17 20:32 - 00000000 ____D () C:\Program Files\DriverTuner
2014-01-14 10:54 - 2014-02-01 17:47 - 00001436 _____ () C:\Windows\LkmdfCoInst.log
2014-01-14 10:54 - 2014-02-01 17:47 - 00000170 _____ () C:\Windows\setupact.log
2014-01-14 10:54 - 2014-01-14 10:54 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-02-13 14:42 - 2014-02-13 14:41 - 00011558 _____ () C:\Users\John\Desktop\FRST.txt
2014-02-13 14:41 - 2014-02-13 14:39 - 00000000 ____D () C:\FRST
2014-02-13 14:39 - 2014-02-13 14:39 - 01141248 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-02-13 14:37 - 2014-02-13 14:35 - 00002620 _____ () C:\Users\John\Desktop\Rkill.txt
2014-02-13 14:35 - 2014-02-13 14:35 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\John\Desktop\rkill.exe
2014-02-13 14:35 - 2014-02-09 05:49 - 00000000 ____D () C:\Windows\system32\WaitingForMerge
2014-02-13 14:08 - 2012-04-03 14:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 13:14 - 2006-11-02 06:52 - 01502898 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 13:06 - 2013-08-20 10:42 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-13 13:06 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 13:06 - 2006-11-02 06:47 - 00005344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 13:06 - 2006-11-02 06:47 - 00005344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 21:28 - 2010-07-28 19:21 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-12 21:28 - 2006-11-02 07:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-12 21:09 - 2014-01-23 21:13 - 00000000 ____D () C:\Users\John\AppData\Local\DoNotTrackPlus
2014-02-12 18:51 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 18:44 - 2014-02-09 05:40 - 00372916 _____ () C:\Windows\PFRO.log
2014-02-12 18:20 - 2010-07-23 08:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 18:18 - 2013-07-12 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 18:14 - 2006-11-02 04:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-12 18:11 - 2006-11-02 04:33 - 00756898 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 18:05 - 2013-06-17 14:54 - 00000000 ____D () C:\Users\John\Desktop\DesktopFolders
2014-02-12 17:27 - 2014-02-12 17:27 - 00007453 _____ () C:\Users\Administrator\Desktop\Scan Results.140212-1701.zip
2014-02-12 17:06 - 2014-02-08 22:31 - 00108454 _____ () C:\Windows\wininit.ini
2014-02-12 17:01 - 2014-02-12 17:01 - 00049118 _____ () C:\Users\Administrator\Desktop\Scan Results.140212-1701.txt
2014-02-12 14:28 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-12 13:51 - 2014-02-12 13:51 - 04745728 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
2014-02-12 13:47 - 2014-02-12 13:47 - 00688992 ____R (Swearware) C:\Users\John\Desktop\dds.scr
2014-02-12 13:42 - 2014-02-12 12:31 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\Mary\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\Bethany\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000693 _____ () C:\Users\Administrator\Desktop\NTREGOPT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\Mary\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\John\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\Bethany\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000674 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk
2014-02-12 13:38 - 2014-02-12 13:38 - 00000000 ____D () C:\Program Files\ERUNT
2014-02-12 13:00 - 2014-02-12 13:00 - 00016894 _____ () C:\ComboFix.txt
2014-02-12 13:00 - 2006-11-02 05:18 - 00000000 ___RD () C:\Users\Public
2014-02-12 12:58 - 2006-11-02 04:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-11 18:21 - 2014-02-11 18:21 - 00000757 _____ () C:\Users\John\Desktop\070428Passwords - Shortcut.lnk
2014-02-11 18:18 - 2012-04-03 14:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-11 18:18 - 2011-05-19 08:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-11 18:16 - 2006-11-02 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-02-11 18:14 - 2010-07-23 13:30 - 00000000 ____D () C:\Users\John\AppData\Roaming\Kuuho
2014-02-11 15:23 - 2014-02-08 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DoNotTrackPlus
2014-02-09 06:57 - 2011-03-11 09:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-02-09 06:56 - 2014-02-09 06:56 - 00000866 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 06:56 - 2014-02-09 06:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 06:53 - 2013-12-17 13:38 - 00264224 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-09 05:58 - 2014-02-09 05:49 - 00000000 ____D () C:\Windows\system32\SDLiveupdate
2014-02-09 05:40 - 2013-12-17 15:07 - 00798736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-08 22:31 - 2014-02-08 19:36 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-02-08 21:45 - 2013-12-26 11:21 - 00264224 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-08 19:37 - 2014-02-08 19:37 - 00001737 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2014-02-08 19:36 - 2014-02-08 19:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-08 19:29 - 2014-02-08 19:28 - 232949192 _____ (Max Secure Software ) C:\Users\John\Desktop\MaxSpywaredetector.exe
2014-02-08 19:11 - 2014-02-08 19:11 - 00000000 ____D () C:\Users\John\AppData\Local\Max Secure Software
2014-02-08 19:11 - 2014-02-08 19:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\GetRightToGo
2014-02-07 20:36 - 2010-07-22 21:39 - 00000000 ____D () C:\Users\John
2014-02-07 11:20 - 2014-02-08 19:36 - 00123360 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00074208 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00013280 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2014-02-06 17:19 - 2010-09-02 16:59 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-02-05 02:58 - 2014-02-12 18:09 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 02:56 - 2014-02-12 18:09 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:53 - 2014-02-12 18:09 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 02:51 - 2014-02-12 18:09 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:50 - 2014-02-12 18:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:49 - 2014-02-12 18:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:49 - 2014-02-12 18:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:48 - 2014-02-12 18:09 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:48 - 2014-02-12 18:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:48 - 2014-02-12 18:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:48 - 2014-02-12 18:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:48 - 2014-02-12 18:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:47 - 2014-02-12 18:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:47 - 2014-02-12 18:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:47 - 2014-02-12 18:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:46 - 2014-02-12 18:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 20:04 - 2014-02-08 19:37 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2014-02-01 17:47 - 2014-01-14 10:54 - 00001436 _____ () C:\Windows\LkmdfCoInst.log
2014-02-01 17:47 - 2014-01-14 10:54 - 00000170 _____ () C:\Windows\setupact.log
2014-02-01 17:46 - 2011-06-17 13:21 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-24 20:05 - 2014-01-24 20:05 - 00100944 _____ () C:\Users\John\Desktop\SketchUcationTools_v2.5.1.rbz
2014-01-24 08:53 - 2014-01-24 08:51 - 00000000 ____D () C:\Users\John\AdobeLicensingFilesBackup
2014-01-24 08:53 - 2011-04-01 10:39 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-01-23 21:12 - 2014-01-23 21:12 - 00000000 ____D () C:\Program Files\DoNotTrackPlus
2014-01-23 12:38 - 2014-01-23 12:38 - 00000770 _____ () C:\Users\Public\Desktop\OneNote 2010 Sort Utility.lnk
2014-01-23 12:38 - 2014-01-23 12:38 - 00000000 ____D () C:\Program Files\OneNote
2014-01-23 11:24 - 2014-01-09 11:08 - 00000000 ____D () C:\Program Files\OneNote PowerToys
2014-01-21 15:40 - 2013-03-03 19:11 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-01-21 08:56 - 2010-08-08 18:44 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-01-19 01:32 - 2010-07-25 18:52 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 20:32 - 2014-01-17 20:32 - 00000800 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-01-17 20:32 - 2014-01-17 20:32 - 00000000 ____D () C:\Program Files\DriverTuner
2014-01-14 10:54 - 2014-01-14 10:54 - 00000000 _____ () C:\Windows\setuperr.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-13 13:15

==================== End Of Log ============================

TechnoDino
2014-02-13, 23:02
Additional

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by John at 2014-02-13 14:44:44
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
µTorrent (HKCU Version: 3.3.1.30017 - BitTorrent Inc.)
7-Zip 9.20 (Version: - )
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (Version: 3.02 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (Version: 3.02 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (Version: - )
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.138 - ArcSoft)
ArcSoft WebCam Companion 3 (Version: 3.0.45.413 - ArcSoft)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (Version: 4.1.5 - Canon Inc.)
Canon Easy-WebPrint EX (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (Version: - )
Canon IJ Network Tool (Version: - )
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (Version: 1.7.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.8.0.5 - Canon Inc.)
Canon MP Navigator EX 1.0 (Version: - )
Canon MX700 series (Version: - )
Canon My Printer (Version: 3.1.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Solution Menu (Version: - )
CCleaner (Version: 4.07 - Piriform)
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
Cyphertite (Version: 1.6.5 - Conformal Systems)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
DesignPro 5 (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (Version: 5.5.708 - Avery Dennison) Hidden
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
Do Not Track Me Add-on 2.2.9.1112 (Version: 2.2.9.1112 - Abine Inc)
DriverTuner 3.1.0.1 (Version: 3.1.0.1 - LionSea SoftWare)
EaseUS Todo Backup Free 4.0 (Version: 4.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
EasyViewer (Version: 1.3.0.9 - MSI)
EasyViewer (Version: 1.3.0.9 - MSI) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (Version: - Lars Hederer)
FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse)
Forms To Go 4.5.4 (Version: - Bebosoft, Inc.)
HP Button Manager (Version: 3.5.00 - Hewlett-Packard)
HP Webcam User's Guide (Version: - Hewlett-Packard)
ImgBurn (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LinkedIn Outlook Connector (Version: 1.1.10.0 - LinkedIn)
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
MailStore Home 5.0.0.6684 (Version: 5.0.0.6684 - deepinvent Software GmbH)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Spyware Detector (Version: 19.0.2.045 - Max Secure Software)
MenuLink Client (Version: 3.0.0 - Radiant Systems)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Easy Assist v2 (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneNote 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Outlook Social Connector 32-bit (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.5 (Version: 1.5.5 - Musicnotes Inc.)
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62 - NVIDIA Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OneNote 2010 Sort Sections (Version: 1.0.0 - OneNote PowerToys)
OneNote 2010 Sort Utility 0.9 (Version: - JR Software)
PCI Soft Data Fax Modem with SmartCP (Version: - )
Print Perfect Clip Art 50,000 DVD (Version: 9.0.23 - Cosmi Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (Version: 6.250.908.2011 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.6473 - Realtek Semiconductor Corp.)
Serif DrawPlus X4 (Version: 11.0.3.023 - Serif (Europe) Ltd)
Serif PagePlus X4 (Version: 14.0.5.027 - Serif (Europe) Ltd)
Serif PagePlus X4 Resources (Version: 14.0.0.008 - Serif (Europe) Ltd)
Serif Premium Template Pack 1 for WebPlus (Version: 12.0.0.012 - Serif (Europe) Ltd)
Serif Premium Template Pack 2 for WebPlus (Version: 12.0.0.012 - Serif (Europe) Ltd)
Serif Premium Template Pack for PagePlus (Version: 14.0.0.012 - Serif (Europe) Ltd)
Serif WebPlus X6 (Version: 14.0.2.25 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
SketchUp 2013 (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Spybot - Search & Destroy (Version: 2.1.21 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
Super-Charger (Version: 1.2.019 - MSI)
System Requirements Lab (Version: - )
Trend Micro SafeSync (Version: 5.1.0.1173 - Trend Micro)
TwInbox (remove only) (Version: - TechHit)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version: - Microsoft)
Web Buttons (Version: - )

==================== Restore Points =========================

23-01-2014 17:23:56 Removed OneNote 2010 Sort Pages
24-01-2014 02:50:41 Windows Update
03-02-2014 13:49:41 Windows Update
07-02-2014 02:58:02 Windows Update
08-02-2014 06:29:27 Scheduled Checkpoint
09-02-2014 01:38:31 Installed Spyware Detector
09-02-2014 15:45:59 Scheduled Checkpoint
12-02-2014 19:21:29 Windows Update
12-02-2014 20:30:30 Windows Update
13-02-2014 00:08:07 Windows Update

==================== Hosts content: ==========================

2006-11-02 04:23 - 2014-02-12 12:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1755199B-7DF5-414E-97CA-EE62D53193E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {1BDE4B7C-A8E3-4F90-927A-49C2ADC386EE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1EFA52F6-1A18-459E-B28E-C3C35FF40E4C} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2EF2C1C5-E2E5-4797-AD33-0CE62F536432} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-11] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {478889B8-13BD-4CE0-8C3A-6E4034B65A2B} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {673DAFD4-7AB8-4041-B699-EB4B737A538A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79A225BD-093D-4B38-887E-C778F5895AA3} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8235DCDD-B9D3-4BC8-BF4A-C488FB4D5975} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {8D83D191-92EE-4F07-B59E-759E2EB10590} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A32BBB99-F496-486F-8F2A-BA0ACD56BACD} - System32\Tasks\{0E4EE223-21B2-43B9-AAE0-4B6D05A5677B} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {B3DDBF57-8582-402A-84E2-0B0178465B60} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-07-27] ()
Task: {F340897F-E6BA-4189-96B0-E589D925B792} - System32\Tasks\{2EBAFCDF-881D-45CB-BDAE-B510D0E5477B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {FBEA05BC-44D8-49DB-A4A9-11ED7A6FF7F4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-08-07 13:25 - 2013-08-07 13:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-10-07 03:41 - 2011-10-07 03:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-08-20 10:41 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-20 10:41 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-23 21:12 - 2013-11-12 15:21 - 00614264 _____ () C:\Program Files\DoNotTrackPlus\IE\DNTPContentFilter.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Bethany\Documents\College_of_DuPage.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Documents\ProdDevEng.wpp:SummaryInformation
AlternateDataStreams: C:\Users\John\Documents\ProdDevEng.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: Akamai => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Cyphertite => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Guard Agent => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MSI_SuperCharger => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OnlineStorageService => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: WcesComm => 2
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\Windows\pss\Monitor Apache Servers.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super-Charger => C:\Program Files\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Canon MX700 ser Network
Description: Canon MX700 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 01:01:03 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/12/2014 00:32:26 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c).

Error: (02/12/2014 00:32:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c.


Operation:
Instantiating VSS server

Error: (02/12/2014 00:32:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c]


Operation:
Instantiating VSS server

Error: (02/12/2014 00:30:30 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/11/2014 03:18:32 PM) (Source: Application Hang) (User: )
Description: The program SDCleaner.exe version 2.1.18.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b24
Start Time: 01cf276ec03cb45b
Termination Time: 0

Error: (02/09/2014 05:44:01 AM) (Source: Application Hang) (User: )
Description: The program SDCleaner.exe version 2.1.18.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f38
Start Time: 01cf258c2027ddaf
Termination Time: 0

Error: (02/08/2014 07:37:59 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d887b91f-794c-441b-ba43-c7ab05415f97}

Error: (02/06/2014 08:47:15 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: da8
Start Time: 01cf23aed219767d
Termination Time: 0

Error: (02/06/2014 05:19:56 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module SHELL32.dll, version 6.0.6002.18646, time stamp 0x4fd23a92, exception code 0xc0000005, fault offset 0x0003f2b0,
process id 0x16f8, application start time 0xExplorer.exe0.


System errors:
=============
Error: (02/13/2014 01:07:10 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/12/2014 06:46:32 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/12/2014 06:19:50 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (02/12/2014 06:19:50 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (02/12/2014 06:19:50 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Staging(Staging) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state


Microsoft Office Sessions:
=========================
Error: (02/04/2014 03:54:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 508 seconds with 480 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-02-13 14:42:45.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:43.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:42.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:41.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:40.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:39.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:38.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:37.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 12:37:22.928
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 12:37:22.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 2814.32 MB
Available physical RAM: 1697.45 MB
Total Pagefile: 5861.1 MB
Available Pagefile: 4661.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:38.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.5 GB) (Free:843.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 4CBA4CB9)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: D8FE33D1)
Partition 2: (Active) - (Size=932 GB) - (Type=05)

==================== End Of Log

TechnoDino
2014-02-13, 23:04
Additional

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by John at 2014-02-13 14:44:44
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
µTorrent (HKCU Version: 3.3.1.30017 - BitTorrent Inc.)
7-Zip 9.20 (Version: - )
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (Version: 3.02 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (Version: 3.02 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (Version: - )
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.138 - ArcSoft)
ArcSoft WebCam Companion 3 (Version: 3.0.45.413 - ArcSoft)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (Version: 4.1.5 - Canon Inc.)
Canon Easy-WebPrint EX (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (Version: - )
Canon IJ Network Tool (Version: - )
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (Version: 1.7.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.8.0.5 - Canon Inc.)
Canon MP Navigator EX 1.0 (Version: - )
Canon MX700 series (Version: - )
Canon My Printer (Version: 3.1.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Solution Menu (Version: - )
CCleaner (Version: 4.07 - Piriform)
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
Cyphertite (Version: 1.6.5 - Conformal Systems)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
DesignPro 5 (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (Version: 5.5.708 - Avery Dennison) Hidden
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
Do Not Track Me Add-on 2.2.9.1112 (Version: 2.2.9.1112 - Abine Inc)
DriverTuner 3.1.0.1 (Version: 3.1.0.1 - LionSea SoftWare)
EaseUS Todo Backup Free 4.0 (Version: 4.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
EasyViewer (Version: 1.3.0.9 - MSI)
EasyViewer (Version: 1.3.0.9 - MSI) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (Version: - Lars Hederer)
FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse)
Forms To Go 4.5.4 (Version: - Bebosoft, Inc.)
HP Button Manager (Version: 3.5.00 - Hewlett-Packard)
HP Webcam User's Guide (Version: - Hewlett-Packard)
ImgBurn (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LinkedIn Outlook Connector (Version: 1.1.10.0 - LinkedIn)
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
MailStore Home 5.0.0.6684 (Version: 5.0.0.6684 - deepinvent Software GmbH)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Spyware Detector (Version: 19.0.2.045 - Max Secure Software)
MenuLink Client (Version: 3.0.0 - Radiant Systems)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Easy Assist v2 (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneNote 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Outlook Social Connector 32-bit (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.5 (Version: 1.5.5 - Musicnotes Inc.)
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62 - NVIDIA Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OneNote 2010 Sort Sections (Version: 1.0.0 - OneNote PowerToys)
OneNote 2010 Sort Utility 0.9 (Version: - JR Software)
PCI Soft Data Fax Modem with SmartCP (Version: - )
Print Perfect Clip Art 50,000 DVD (Version: 9.0.23 - Cosmi Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (Version: 6.250.908.2011 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.6473 - Realtek Semiconductor Corp.)
Serif DrawPlus X4 (Version: 11.0.3.023 - Serif (Europe) Ltd)
Serif PagePlus X4 (Version: 14.0.5.027 - Serif (Europe) Ltd)
Serif PagePlus X4 Resources (Version: 14.0.0.008 - Serif (Europe) Ltd)
Serif Premium Template Pack 1 for WebPlus (Version: 12.0.0.012 - Serif (Europe) Ltd)
Serif Premium Template Pack 2 for WebPlus (Version: 12.0.0.012 - Serif (Europe) Ltd)
Serif Premium Template Pack for PagePlus (Version: 14.0.0.012 - Serif (Europe) Ltd)
Serif WebPlus X6 (Version: 14.0.2.25 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
SketchUp 2013 (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Spybot - Search & Destroy (Version: 2.1.21 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
Super-Charger (Version: 1.2.019 - MSI)
System Requirements Lab (Version: - )
Trend Micro SafeSync (Version: 5.1.0.1173 - Trend Micro)
TwInbox (remove only) (Version: - TechHit)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version: - Microsoft)
Web Buttons (Version: - )

==================== Restore Points =========================

23-01-2014 17:23:56 Removed OneNote 2010 Sort Pages
24-01-2014 02:50:41 Windows Update
03-02-2014 13:49:41 Windows Update
07-02-2014 02:58:02 Windows Update
08-02-2014 06:29:27 Scheduled Checkpoint
09-02-2014 01:38:31 Installed Spyware Detector
09-02-2014 15:45:59 Scheduled Checkpoint
12-02-2014 19:21:29 Windows Update
12-02-2014 20:30:30 Windows Update
13-02-2014 00:08:07 Windows Update

==================== Hosts content: ==========================

2006-11-02 04:23 - 2014-02-12 12:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1755199B-7DF5-414E-97CA-EE62D53193E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {1BDE4B7C-A8E3-4F90-927A-49C2ADC386EE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1EFA52F6-1A18-459E-B28E-C3C35FF40E4C} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2EF2C1C5-E2E5-4797-AD33-0CE62F536432} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-11] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {478889B8-13BD-4CE0-8C3A-6E4034B65A2B} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {673DAFD4-7AB8-4041-B699-EB4B737A538A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79A225BD-093D-4B38-887E-C778F5895AA3} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8235DCDD-B9D3-4BC8-BF4A-C488FB4D5975} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8D83D191-92EE-4F07-B59E-759E2EB10590} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A32BBB99-F496-486F-8F2A-BA0ACD56BACD} - System32\Tasks\{0E4EE223-21B2-43B9-AAE0-4B6D05A5677B} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {B3DDBF57-8582-402A-84E2-0B0178465B60} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-07-27] ()
Task: {F340897F-E6BA-4189-96B0-E589D925B792} - System32\Tasks\{2EBAFCDF-881D-45CB-BDAE-B510D0E5477B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsMain&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {FBEA05BC-44D8-49DB-A4A9-11ED7A6FF7F4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-08-07 13:25 - 2013-08-07 13:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-10-07 03:41 - 2011-10-07 03:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-08-20 10:41 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-20 10:41 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-23 21:12 - 2013-11-12 15:21 - 00614264 _____ () C:\Program Files\DoNotTrackPlus\IE\DNTPContentFilter.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Bethany\Documents\College_of_DuPage.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Documents\ProdDevEng.wpp:SummaryInformation
AlternateDataStreams: C:\Users\John\Documents\ProdDevEng.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: Akamai => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Cyphertite => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Guard Agent => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MSI_SuperCharger => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OnlineStorageService => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: WcesComm => 2
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\Windows\pss\Monitor Apache Servers.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super-Charger => C:\Program Files\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Canon MX700 ser Network
Description: Canon MX700 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 01:01:03 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/12/2014 00:32:26 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c).

Error: (02/12/2014 00:32:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c.


Operation:
Instantiating VSS server

Error: (02/12/2014 00:32:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c]


Operation:
Instantiating VSS server

Error: (02/12/2014 00:30:30 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/11/2014 03:18:32 PM) (Source: Application Hang) (User: )
Description: The program SDCleaner.exe version 2.1.18.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b24
Start Time: 01cf276ec03cb45b
Termination Time: 0

Error: (02/09/2014 05:44:01 AM) (Source: Application Hang) (User: )
Description: The program SDCleaner.exe version 2.1.18.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f38
Start Time: 01cf258c2027ddaf
Termination Time: 0

Error: (02/08/2014 07:37:59 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d887b91f-794c-441b-ba43-c7ab05415f97}

Error: (02/06/2014 08:47:15 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: da8
Start Time: 01cf23aed219767d
Termination Time: 0

Error: (02/06/2014 05:19:56 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module SHELL32.dll, version 6.0.6002.18646, time stamp 0x4fd23a92, exception code 0xc0000005, fault offset 0x0003f2b0,
process id 0x16f8, application start time 0xExplorer.exe0.


System errors:
=============
Error: (02/13/2014 01:07:10 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/12/2014 06:46:32 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/12/2014 06:19:50 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (02/12/2014 06:19:50 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (02/12/2014 06:19:50 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Staging(Staging) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state

Error: (02/12/2014 02:31:05 PM) (Source: Microsoft-Windows-Servicing) (User: John-PC)
Description: Windows Servicing failed to complete the process of setting package KB2901113 (Security Update) into Resolved(Resolved) state


Microsoft Office Sessions:
=========================
Error: (02/04/2014 03:54:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 508 seconds with 480 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-02-13 14:42:45.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:43.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:42.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:41.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:40.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:39.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:38.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 14:42:37.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 12:37:22.928
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 12:37:22.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MaxProc64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 2814.32 MB
Available physical RAM: 1697.45 MB
Total Pagefile: 5861.1 MB
Available Pagefile: 4661.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:38.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.5 GB) (Free:843.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 4CBA4CB9)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: D8FE33D1)
Partition 2: (Active) - (Size=932 GB) - (Type=05)

==================== End Of Log

Juliet
2014-02-13, 23:35
OK, that thing is in there tight!


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow it).



start
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
C:\Program Files\Max Spyware Detector\MaxDBServer.exe
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091040 2014-02-07] (Max Secure Software)
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-02-07] (Max Secure Software)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-02-07] (Max Secure Software)
S2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [651744 2014-02-07] (Max Secure Software)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [72160 2014-02-07] (Max Secure Software)
R1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [85984 2014-02-07] (Max Secure Software)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [123360 2014-02-07] (Max Secure Software)
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
C:\ProgramData\Max Secure
2014-02-08 19:28 - 2014-02-08 19:29 - 232949192 _____ (Max Secure Software ) C:\Users\John\Desktop\MaxSpywaredetector.exe
2014-02-08 19:11 - 2014-02-08 19:11 - 00000000 ____D () C:\Users\John\AppData\Local\Max Secure Software
2014-02-08 19:36 - 2014-02-08 19:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-02-08 19:29 - 2014-02-08 19:28 - 232949192 _____ (Max Secure Software ) C:\Users\John\Desktop\MaxSpywaredetector.exe
2014-02-08 19:11 - 2014-02-08 19:11 - 00000000 ____D () C:\Users\John\AppData\Local\Max Secure Software
2014-02-07 11:20 - 2014-02-08 19:36 - 00085984 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00077792 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00072160 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2014-02-07 11:20 - 2014-02-08 19:36 - 00068576 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~~~~~~~
Please post:
Fixlog.txt
C:\AdwCleaner[S1].txt
JRT.txt

TechnoDino
2014-02-16, 05:57
Juliet: I copied the material to the notepad and saved to desktop (that was easy). I have no idea what I need to do to save the text into the Farbar scan tool. Sorry. I assume you mean copy the file into the directory where Farbar is stored. If true, where is Farbar stored? If not, what specifically do I need to do to copy the text into the Farbar tool?

Yes, I do agree, the program is in there tight.

John




Juliet
2014-02-16, 13:16
Running from C:\Users\John\Desktop
Do you see the FRST icon on your desktop? http://ruipaz.coffeecup.com/storage/Forum/Icons/FRST.gif

After you have saved my fix in Notepad as fixlist.txt <--important
move fixlist.txt next to the icon. It needs to be saved next to the "Farbar Recovery Scan Tool"

Then open FRST/FRST64 and press the Fix button just once and wait.

if this doesn't work let me know.

TechnoDino
2014-02-18, 04:06
Juliet: Ran FRST tool. Also ran AdwCleaner and JRT. You had recommended I run these. I put all the results in the attached zip file. You put a big dent in the beast but I think it is still hanging around. No longer an icon on the desktop or in the notification bar. The program still shows up when I looked in the program list using control panel. A second observation: JRT was denied access to 3 (maybe 4) registry entries while scanning. Sorry this is such a tough one. I do appreciate, very much, your help.

John




Juliet
2014-02-18, 13:03
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari:
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

TechnoDino
2014-02-18, 18:45
ComboFix 14-02-16.01 - John 02/18/2014 10:20:55.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1776 [GMT -6:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))
.
.
2014-02-18 16:30 . 2014-02-18 16:32 -------- d-----w- c:\users\John\AppData\Local\temp
2014-02-18 16:30 . 2014-02-18 16:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-18 16:30 . 2014-02-18 16:30 -------- d-----w- c:\users\Mary\AppData\Local\temp
2014-02-18 16:30 . 2014-02-18 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-18 16:30 . 2014-02-18 16:30 -------- d-----w- c:\users\Bethany\AppData\Local\temp
2014-02-18 16:30 . 2014-02-18 16:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-02-18 01:55 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2FFDC01-864F-4B7D-8170-A4331985CDB0}\mpengine.dll
2014-02-18 01:48 . 2014-02-18 01:48 -------- d-----w- c:\windows\ERUNT
2014-02-18 01:39 . 2014-02-18 01:40 -------- d-----w- C:\AdwCleaner
2014-02-18 01:38 . 2013-10-19 01:55 719224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5710D0D-C43F-49C6-821A-DFA5E0BB89FE}\gapaengine.dll
2014-02-16 03:36 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-13 20:39 . 2014-02-18 01:24 -------- d-----w- C:\FRST
2014-02-12 19:38 . 2014-02-12 19:38 -------- d-----w- c:\program files\ERUNT
2014-02-12 19:21 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 12:56 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-09 12:56 . 2014-02-09 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-09 11:49 . 2014-02-18 01:23 -------- d-----w- c:\windows\system32\WaitingForMerge
2014-02-09 11:49 . 2014-02-09 11:58 -------- d-----w- c:\windows\system32\SDLiveupdate
2014-02-09 04:33 . 2014-02-11 21:23 -------- d-----w- c:\users\Administrator\AppData\Local\DoNotTrackPlus
2014-02-09 01:37 . 2014-02-05 02:04 117248 ----a-w- c:\windows\system32\MaxNative.exe
2014-02-09 01:36 . 2014-02-07 17:20 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys
2014-02-09 01:36 . 2014-02-07 17:20 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys
2014-02-09 01:36 . 2014-02-07 17:20 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys
2014-02-09 01:36 . 2014-02-09 04:31 -------- d-----w- c:\program files\Max Spyware Detector
2014-02-09 01:36 . 2014-02-07 17:20 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-02-09 01:36 . 2014-02-07 17:20 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys
2014-02-09 01:36 . 2014-02-07 17:20 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys
2014-01-24 14:51 . 2014-01-24 14:53 -------- d-----w- c:\users\John\AdobeLicensingFilesBackup
2014-01-24 03:13 . 2014-02-18 01:16 -------- d-----w- c:\users\John\AppData\Local\DoNotTrackPlus
2014-01-24 03:12 . 2014-01-24 03:12 -------- d-----w- c:\program files\DoNotTrackPlus
2014-01-23 18:38 . 2014-01-23 18:38 -------- d-----w- c:\program files\OneNote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-12 00:18 . 2012-04-03 20:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-12 00:18 . 2011-05-19 14:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-01 23:46 . 2011-06-17 19:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-01-19 07:32 . 2010-07-26 00:52 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-25 17:49 . 2011-11-07 02:50 319456 ----a-w- c:\windows\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-05 06:01 4489472 ----a-w- c:\users\John\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 21:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 07:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 19:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 05:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-01-19 03:43 124256 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 06:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger]
2013-08-13 16:16 490480 ----a-w- c:\program files\MSI\Super-Charger\Super-Charger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 04:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
LPDService REG_MULTI_SZ
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:18]
.
2014-02-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-08-20 15:58]
.
2013-08-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-08-20 15:57]
.
2013-08-20 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-08-20 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {5DD00D19-478E-4086-BE54-616723EB8EC8} - hxxp://boa.menulink.net/americasbetterburger/MLInstall.ocx
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-18 10:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe?
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = c:\windows\system32\userinit.exe,?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\0000005f
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581551 (+0): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}]
@DACL=(02 0000)
@="Device Detection"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{13F5DD10-6E8E-4445-921F-B8D2A61C544E}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Espenses v2"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{24972B59-2BF7-4146-8C56-066579C4B5BB}]
@DACL=(02 0000)
@="IPM.Contact.SBE"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}]
@DACL=(02 0000)
@="Device Detection Property Page"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{966D4D0D-0132-4DC7-BD65-88ECB0D618EF}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{BE016E2F-171F-4FB2-856B-9D460CFE4073}]
@DACL=(02 0000)
@="IPM.Task.Networking Expenses"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{C0095C6F-CF86-44F1-B68C-3B836FC85CCD}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses v5"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{D7BE6386-03C2-4CE0-B58D-AF2AC1A89EE9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{EFC8504E-5715-4793-B694-4037CC15ED7F}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses v3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3736)
c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2014-02-18 10:38:26 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-18 16:38
ComboFix2.txt 2014-02-12 19:00
.
Pre-Run: 42,224,066,560 bytes free
Post-Run: 42,249,904,128 bytes free
.
- - End Of File - - F3D78AECAC4F7E483ED1E33CD91B576A
5FB38429D5D77768867C76DCBDB35194

Juliet
2014-02-18, 22:15
Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.



Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Please open Notepad (*Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.


File::
c:\windows\system32\MaxNative.exe
c:\windows\system32\drivers\MaxProtector64.sys
c:\windows\system32\drivers\MaxProc64.sys
c:\windows\system32\drivers\SDActMon2K.sys
c:\program files\Max Spyware Detector
c:\windows\system32\drivers\004.sys
c:\windows\system32\drivers\SDActMon.sys


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes: Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply please post:
CFScript.txt
MBAM log

TechnoDino
2014-02-19, 17:04
Both logs pasted below and in the attached zip file. I'm optimistic we finally got d no malicious objects. But what do I know.

ComboFix
ComboFix 14-02-18.01 - John 02/19/2014 8:13.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1857 [GMT -6:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFscript
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-19 to 2014-02-19 )))))))))))))))))))))))))))))))
.
.
2014-02-19 14:22 . 2014-02-19 14:22 -------- d-----w- c:\users\John\AppData\Local\temp
2014-02-19 14:22 . 2014-02-19 14:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-19 14:07 . 2014-02-19 14:07 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3547B8-7962-4588-A81D-68FDF1B90BAB}\MpKsl960e02d0.sys
2014-02-19 13:55 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3547B8-7962-4588-A81D-68FDF1B90BAB}\mpengine.dll
2014-02-18 16:42 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-18 01:48 . 2014-02-18 01:48 -------- d-----w- c:\windows\ERUNT
2014-02-18 01:39 . 2014-02-18 01:40 -------- d-----w- C:\AdwCleaner
2014-02-18 01:38 . 2013-10-19 01:55 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5710D0D-C43F-49C6-821A-DFA5E0BB89FE}\gapaengine.dll
2014-02-13 20:39 . 2014-02-19 13:42 -------- d-----w- C:\FRST
2014-02-12 19:38 . 2014-02-12 19:38 -------- d-----w- c:\program files\ERUNT
2014-02-12 19:21 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 11:49 . 2014-02-18 01:23 -------- d-----w- c:\windows\system32\WaitingForMerge
2014-02-09 11:49 . 2014-02-09 11:58 -------- d-----w- c:\windows\system32\SDLiveupdate
2014-02-09 04:33 . 2014-02-11 21:23 -------- d-----w- c:\users\Administrator\AppData\Local\DoNotTrackPlus
2014-02-09 01:37 . 2014-02-05 02:04 117248 ----a-w- c:\windows\system32\MaxNative.exe
2014-02-09 01:36 . 2014-02-07 17:20 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys
2014-02-09 01:36 . 2014-02-07 17:20 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys
2014-02-09 01:36 . 2014-02-07 17:20 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys
2014-02-09 01:36 . 2014-02-09 04:31 -------- d-----w- c:\program files\Max Spyware Detector
2014-02-09 01:36 . 2014-02-07 17:20 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-02-09 01:36 . 2014-02-07 17:20 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys
2014-02-09 01:36 . 2014-02-07 17:20 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys
2014-01-24 14:51 . 2014-01-24 14:53 -------- d-----w- c:\users\John\AdobeLicensingFilesBackup
2014-01-24 03:13 . 2014-02-18 01:16 -------- d-----w- c:\users\John\AppData\Local\DoNotTrackPlus
2014-01-24 03:12 . 2014-01-24 03:12 -------- d-----w- c:\program files\DoNotTrackPlus
2014-01-23 18:38 . 2014-01-23 18:38 -------- d-----w- c:\program files\OneNote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-12 00:18 . 2012-04-03 20:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-12 00:18 . 2011-05-19 14:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-01 23:46 . 2011-06-17 19:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-01-19 07:32 . 2010-07-26 00:52 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-25 17:49 . 2011-11-07 02:50 319456 ----a-w- c:\windows\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-05 06:01 4489472 ----a-w- c:\users\John\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 21:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 07:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 19:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 05:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-01-19 03:43 124256 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 06:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger]
2013-08-13 16:16 490480 ----a-w- c:\program files\MSI\Super-Charger\Super-Charger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 04:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL960E02D0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
LPDService REG_MULTI_SZ
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:18]
.
2014-02-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-08-20 15:58]
.
2013-08-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-08-20 15:57]
.
2013-08-20 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-08-20 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {5DD00D19-478E-4086-BE54-616723EB8EC8} - hxxp://boa.menulink.net/americasbetterburger/MLInstall.ocx
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-19 08:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe?
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = c:\windows\system32\userinit.exe,?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\0000005e
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581551 (+0): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}]
@DACL=(02 0000)
@="Device Detection"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{13F5DD10-6E8E-4445-921F-B8D2A61C544E}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Espenses v2"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{24972B59-2BF7-4146-8C56-066579C4B5BB}]
@DACL=(02 0000)
@="IPM.Contact.SBE"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}]
@DACL=(02 0000)
@="Device Detection Property Page"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{966D4D0D-0132-4DC7-BD65-88ECB0D618EF}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{BE016E2F-171F-4FB2-856B-9D460CFE4073}]
@DACL=(02 0000)
@="IPM.Task.Networking Expenses"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{C0095C6F-CF86-44F1-B68C-3B836FC85CCD}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses v5"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{D7BE6386-03C2-4CE0-B58D-AF2AC1A89EE9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{EFC8504E-5715-4793-B694-4037CC15ED7F}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses v3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(252)
c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
Completion time: 2014-02-19 08:25:26
ComboFix-quarantined-files.txt 2014-02-19 14:25
ComboFix2.txt 2014-02-18 16:38
.
Pre-Run: 43,212,247,040 bytes free
Post-Run: 43,157,970,944 bytes free
.
- - End Of File - - 5ECC47076F6268D79D295176ACD108D1
5FB38429D5D77768867C76DCBDB35194



Malware
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [administrator]

2/19/2014 8:34:09 AM
mbam-log-2014-02-19 (08-34-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316089
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Juliet
2014-02-19, 19:25
I'm optimistic we finally got d no malicious objects.
Did you see it delete it?


That's the same log, not the newer one. I needed to see the one where it shows files deleted.

C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

How about c:\Combofix\combofix.txt I'm looking for number 2 <-- is it here?
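
Added example, not part of the thread and not ComboFix code: one way to check a posted ComboFix log against the CFScript it was run with, by listing which `File::` targets still appear in the log's "Files Created" section and which entries share a creation timestamp with them but are not in the script. The function names are hypothetical, the script text and log lines are copied in shortened form from the posts above, and only the `Name::` section layout shown in the thread is assumed; the section covers a one-month window, so a listed path existed at scan time while an unlisted one is not thereby proven deleted.

```python
import re

# CFScript text as posted in the thread.
CFSCRIPT = r"""File::
c:\windows\system32\MaxNative.exe
c:\windows\system32\drivers\MaxProtector64.sys
c:\windows\system32\drivers\MaxProc64.sys
c:\windows\system32\drivers\SDActMon2K.sys
c:\program files\Max Spyware Detector
c:\windows\system32\drivers\004.sys
c:\windows\system32\drivers\SDActMon.sys
"""

# Shortened excerpt assembled from the 2014-02-19 ComboFix log posted above.
LOG = r"""ComboFix 14-02-18.01 - John 02/19/2014 8:13.3.4 - x86
Command switches used :: c:\users\John\Desktop\CFscript
.
((((((((((((((((((((((((( Files Created from 2014-01-19 to 2014-02-19 )))))))))))))))))))))))))))))))
.
2014-02-12 19:21 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 11:49 . 2014-02-09 11:58 -------- d-----w- c:\windows\system32\SDLiveupdate
2014-02-09 01:37 . 2014-02-05 02:04 117248 ----a-w- c:\windows\system32\MaxNative.exe
2014-02-09 01:36 . 2014-02-07 17:20 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys
2014-02-09 01:36 . 2014-02-07 17:20 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys
2014-02-09 01:36 . 2014-02-07 17:20 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys
2014-02-09 01:36 . 2014-02-09 04:31 -------- d-----w- c:\program files\Max Spyware Detector
2014-02-09 01:36 . 2014-02-07 17:20 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-02-09 01:36 . 2014-02-07 17:20 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys
2014-02-09 01:36 . 2014-02-07 17:20 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys
2014-01-24 03:12 . 2014-01-24 03:12 -------- d-----w- c:\program files\DoNotTrackPlus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-12 00:18 . 2012-04-03 20:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
"""

# created . modified  size-or-dashes  attributes  path
ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)


def parse_cfscript(text):
    """Return {section name: [lines]} for 'Name::' sections of a CFScript."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def created_entries(log):
    """Parse only the 'Files Created from ...' section of a ComboFix log."""
    entries, inside = [], False
    for line in log.splitlines():
        if line.startswith("((("):  # every report section opens with a (((( banner
            inside = "Files Created from" in line
            continue
        m = ENTRY.match(line) if inside else None
        if m:
            created, _modified, size, attrs, path = m.groups()
            entries.append({"created": created, "path": path,
                            "is_dir": attrs.startswith("d"),
                            "size": None if size.startswith("-") else int(size)})
    return entries


def audit(script, log):
    """Compare the script's File:: targets with what the log still lists."""
    targets = [p.lower() for p in parse_cfscript(script).get("File", [])]
    entries = created_entries(log)
    listed = {e["path"].lower(): e for e in entries}
    remaining = [t for t in targets if t in listed]
    # Creation timestamps of the targets that are still present.
    stamps = {listed[t]["created"] for t in remaining}
    # Same-minute entries that the script does not name: candidates for review.
    neighbors = [e["path"] for e in entries
                 if e["created"] in stamps and e["path"].lower() not in targets]
    # The script path ComboFix recorded, to compare with the saved file name.
    m = re.search(r"^Command switches used :: (.+)$", log, re.M)
    return {"switch": m.group(1).strip() if m else None,
            "remaining": remaining, "neighbors": neighbors}


if __name__ == "__main__":
    result = audit(CFSCRIPT, LOG)
    print("script path in log:", result["switch"])
    print("targets still listed:", *result["remaining"], sep="\n  ")
    print("unlisted same-minute entries:", *result["neighbors"], sep="\n  ")
```
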

Juliet
2014-02-22, 13:48
still with me?

Juliet
2014-02-23, 14:26
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.

Juliet
2014-02-26, 12:45
Sorry for your loss.


If you don't mind let's continue here.


I'm optimistic we finally got d no malicious objects.
Did you see it delete it?


That's the same log, not the newer one. I needed to see the one where it shows files deleted.

C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

How about c:\Combofix\combofix.txt I'm looking for number 2 <-- is it here?

TechnoDino
2014-02-27, 18:52
Juliet: Thanks.

qoobox.txt: no; there is a back envelope folder. Cannot open this one even when I log in using my Administrator account. I hate Vista and trying to figure out file permissions (just venting).

ComboFix #2: no; the latest combo fix file I have was run 2/18 using your CF Script. I think this was #2. I reattached the zip file. Too many files with the same name; I'll be sure to name them including the date when I save them so I can always find the latest file.

Juliet
2014-02-27, 19:29
What I'd like for you to do, to prevent mixing up files.

Locate ComboFix icon, right click and select delete.
Now, Look for the CFScript.txt I had you create earlier and right click and select delete.

We're going to download an updated version. If ComboFix doesn't delete the files this time we'll try something else.


Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Don't click run yet.

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.



Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Please open Notepad (*Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.


File::
c:\windows\system32\MaxNative.exe
c:\windows\system32\drivers\MaxProtector64.sys
c:\windows\system32\drivers\MaxProc64.sys
c:\windows\system32\drivers\SDActMon2K.sys
c:\program files\Max Spyware Detector
c:\windows\system32\drivers\004.sys
c:\windows\system32\drivers\SDActMon.sys


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please copy and paste the log it creates.

TechnoDino
2014-02-28, 05:50
:rockon:

Juliet: Sorry, but I figured out 2 cool things prior to writing this post: How to insert lots of smilies and How to use the last key to jump to the last post. I take pleasure in small things.

Anyway, thanks for putting up with me. The log follows.

ComboFix 14-02-24.02 - John 02/27/2014 21:11:47.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1402 [GMT -6:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-28 to 2014-02-28 )))))))))))))))))))))))))))))))
.
.
2014-02-28 03:24 . 2014-02-28 03:24 -------- d-----w- c:\users\John\AppData\Local\temp
2014-02-28 03:24 . 2014-02-28 03:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-28 03:24 . 2014-02-28 03:24 -------- d-----w- c:\users\Mary\AppData\Local\temp
2014-02-28 03:24 . 2014-02-28 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-28 03:24 . 2014-02-28 03:24 -------- d-----w- c:\users\Bethany\AppData\Local\temp
2014-02-28 03:24 . 2014-02-28 03:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-02-28 03:04 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5783EBC1-28BF-45E6-AA80-18198C71BE27}\mpengine.dll
2014-02-27 21:07 . 2014-02-27 21:07 -------- d-----w- c:\program files\iPod
2014-02-27 21:07 . 2014-02-27 21:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-27 21:07 . 2014-02-27 21:08 -------- d-----w- c:\program files\iTunes
2014-02-27 20:51 . 2014-02-27 20:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-27 20:51 . 2014-02-27 20:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-27 20:51 . 2014-02-27 20:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-27 20:51 . 2014-02-27 20:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-27 20:51 . 2014-02-27 20:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-02-27 20:51 . 2014-02-27 20:51 -------- d-----w- c:\program files\QuickTime
2014-02-27 02:33 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-26 14:50 . 2014-02-26 14:51 -------- d-----w- c:\program files\Calibre2
2014-02-21 01:27 . 2014-02-21 03:41 -------- d-----w- c:\users\John\AppData\Local\calibre-cache
2014-02-21 01:25 . 2014-02-21 04:31 -------- d-----w- c:\users\John\AppData\Roaming\calibre
2014-02-20 15:23 . 2014-02-20 15:22 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F01C04CD-A8D8-4505-904C-8BFC6A908AB1}\gapaengine.dll
2014-02-19 14:32 . 2014-02-19 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-19 14:32 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-18 01:48 . 2014-02-18 01:48 -------- d-----w- c:\windows\ERUNT
2014-02-18 01:39 . 2014-02-18 01:40 -------- d-----w- C:\AdwCleaner
2014-02-13 20:39 . 2014-02-19 13:42 -------- d-----w- C:\FRST
2014-02-12 19:38 . 2014-02-12 19:38 -------- d-----w- c:\program files\ERUNT
2014-02-12 19:21 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 11:49 . 2014-02-18 01:23 -------- d-----w- c:\windows\system32\WaitingForMerge
2014-02-09 11:49 . 2014-02-09 11:58 -------- d-----w- c:\windows\system32\SDLiveupdate
2014-02-09 04:33 . 2014-02-11 21:23 -------- d-----w- c:\users\Administrator\AppData\Local\DoNotTrackPlus
2014-02-09 01:37 . 2014-02-05 02:04 117248 ----a-w- c:\windows\system32\MaxNative.exe
2014-02-09 01:36 . 2014-02-07 17:20 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys
2014-02-09 01:36 . 2014-02-07 17:20 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys
2014-02-09 01:36 . 2014-02-07 17:20 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys
2014-02-09 01:36 . 2014-02-09 04:31 -------- d-----w- c:\program files\Max Spyware Detector
2014-02-09 01:36 . 2014-02-07 17:20 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-02-09 01:36 . 2014-02-07 17:20 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys
2014-02-09 01:36 . 2014-02-07 17:20 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 00:32 . 2012-04-03 20:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 00:32 . 2011-05-19 14:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-01 23:46 . 2011-06-17 19:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-01-19 07:32 . 2010-07-26 00:52 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 22:24 . 2014-01-17 22:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 22:24 . 2014-01-17 22:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-12-25 17:49 . 2011-11-07 02:50 319456 ----a-w- c:\windows\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 19:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-05 06:01 4489472 ----a-w- c:\users\John\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 06:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 21:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 07:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 19:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 05:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-01-19 03:43 124256 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 09:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 22:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger]
2013-08-13 16:16 490480 ----a-w- c:\program files\MSI\Super-Charger\Super-Charger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 04:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
LPDService REG_MULTI_SZ
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:32]
.
2014-02-28 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-08-20 15:58]
.
2013-08-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-08-20 15:57]
.
2013-08-20 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-08-20 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {5DD00D19-478E-4086-BE54-616723EB8EC8} - hxxp://boa.menulink.net/americasbetterburger/MLInstall.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-27 21:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe?
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = c:\windows\system32\userinit.exe,?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\0000005f
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581551 (+0): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}]
@DACL=(02 0000)
@="Device Detection"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{13F5DD10-6E8E-4445-921F-B8D2A61C544E}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Espenses v2"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{24972B59-2BF7-4146-8C56-066579C4B5BB}]
@DACL=(02 0000)
@="IPM.Contact.SBE"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}]
@DACL=(02 0000)
@="Device Detection Property Page"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{966D4D0D-0132-4DC7-BD65-88ECB0D618EF}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{BE016E2F-171F-4FB2-856B-9D460CFE4073}]
@DACL=(02 0000)
@="IPM.Task.Networking Expenses"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{C0095C6F-CF86-44F1-B68C-3B836FC85CCD}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses v5"
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{D7BE6386-03C2-4CE0-B58D-AF2AC1A89EE9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-164766087-4118575548-873725582-1000_Classes\CLSID\{EFC8504E-5715-4793-B694-4037CC15ED7F}]
@DACL=(02 0000)
@="IPM.Task.2012 Networking Expenses v3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3348)
c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
Completion time: 2014-02-27 21:27:56
ComboFix-quarantined-files.txt 2014-02-28 03:27
ComboFix2.txt 2014-02-19 14:25
ComboFix3.txt 2014-02-18 16:38
.
Pre-Run: 42,173,775,872 bytes free
Post-Run: 41,549,623,296 bytes free
.
- - End Of File - - FA7C3EAF8B75C4AC80100652AE3A9C49
5FB38429D5D77768867C76DCBDB35194

Juliet
2014-02-28, 13:43
Do you have the Farbar Recovery Scan Tool icon still on your desktop?

Please, if you do we need to do this:

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).



start
Folder:C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software
Folder:c:\program files\Max Spyware Detector
Folder:C:\Program Files\DoctoAntivirus
File:c:\windows\system32\drivers\MaxProtector64.sys
File:c:\windows\system32\drivers\MaxProc64.sys
File:c:\windows\system32\drivers\SDActMon2K.sys
File:C:\Program Files\DoctoAntivirus\MaxWatchDogService.exe
end

After you place the newest Fixlog.txt beside the FRST icon,
Just open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please post this log when done.

TechnoDino
2014-03-01, 04:54
:rockon:Juliet: Have a nice weekend.

The log follows.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-02-2014 02
Ran by John at 2014-02-28 20:46:15 Run:3
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
Folder:C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software
Folder:c:\program files\Max Spyware Detector
Folder:C:\Program Files\DoctoAntivirus
File:c:\windows\system32\drivers\MaxProtector64.sys
File:c:\windows\system32\drivers\MaxProc64.sys
File:c:\windows\system32\drivers\SDActMon2K.sys
File:C:\Program Files\DoctoAntivirus\MaxWatchDogService.exe
end
*****************

========================= Folder:C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software ========================
Directory Not Found
====== End of Folder: ======

========================= Folder:c:\program files\Max Spyware Detector ========================
Directory Not Found
====== End of Folder: ======

========================= Folder:C:\Program Files\DoctoAntivirus ========================
Directory Not Found
====== End of Folder: ======

========================= File:c:\windows\system32\drivers\MaxProtector64.sys ========================
MD5: 06C061901EC64CD8AA77667124B05A64
Creation and modification date: 2014-02-08 19:36 - 2014-02-07 11:20
Size: 0077792
Attributes: ----A
Company Name: Max Secure Software
Internal Name: MaxProtector64.sys
Original Name: MaxProtector64.sys
Product Name: Max Secure Software Self Protection Driver
Description: Max Secure Software Self Protection Driver
File Version: 2, 0, 1, 1
Product Version: 19, 0, 2, 1
Copyright: (c) Max Secure Software. All rights reserved.
====== End Of File: ======

========================= File:c:\windows\system32\drivers\MaxProc64.sys ========================
MD5: A748B6BBEA5CA57F41168767523C76A3
Creation and modification date: 2014-02-08 19:36 - 2014-02-07 11:20
Size: 0068576
Attributes: ----A
Company Name: Max Secure Software
Internal Name: MaxProc64.sys
Original Name: MaxProc64.sys
Product Name: Max Secure Software Self Protection Driver
Description: Max Secure Software Self Protection Driver
File Version: 1, 0, 0, 1
Product Version: 19, 0, 2, 1
Copyright: (c) Max Secure Software. All rights reserved.
====== End Of File: ======

========================= File:c:\windows\system32\drivers\SDActMon2K.sys ========================
MD5: E65428520D0ED2DEE370B7104B9FE1F5
Creation and modification date: 2014-02-08 19:36 - 2014-02-07 11:20
Size: 0074208
Attributes: ----A
Company Name: Max Secure Software
Internal Name: SDActMon2K
Original Name: SDActMon2K.sys
Product Name: Max Secure Software Active Monitor
Description: Max Secure Software Active Monitor Driver
File Version: 2, 0, 1, 1
Product Version: 19, 0, 2, 1
Copyright: (c) Max Secure Software. All rights reserved.
====== End Of File: ======

========================= File:C:\Program Files\DoctoAntivirus\MaxWatchDogService.exe ========================
"C:\Program Files\DoctoAntivirus\MaxWatchDogService.exe" not found.
====== End Of File: ======

==== End of Fixlog ====

John

Juliet
2014-03-01, 05:18
I want to try this one more time using it a different way.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).



start
c:\windows\system32\drivers\MaxProtector64.sys
C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software
c:\program files\Max Spyware Detector
C:\Program Files\DoctoAntivirus
c:\windows\system32\drivers\MaxProc64.sys
c:\windows\system32\drivers\SDActMon2K.sys
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

TechnoDino
2014-03-03, 14:52
:rockon:

Juliet: Not much happened. Farbar ran for less than 145econds. Ask to reboot and generate the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-03-2014
Ran by John at 2014-03-03 06:45:54 Run:4
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
c:\windows\system32\drivers\MaxProtector64.sys
C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software
c:\program files\Max Spyware Detector
C:\Program Files\DoctoAntivirus
c:\windows\system32\drivers\MaxProc64.sys
c:\windows\system32\drivers\SDActMon2K.sys
end
*****************
Could not move "c:\windows\system32\drivers\MaxProtector64.sys" => Scheduled to move on reboot.
"C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software" => File/Directory not found.
c:\program files\Max Spyware Detector => Moved successfully.
"C:\Program Files\DoctoAntivirus" => File/Directory not found.
Could not move "c:\windows\system32\drivers\MaxProc64.sys" => Scheduled to move on reboot.
Could not move "c:\windows\system32\drivers\SDActMon2K.sys" => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-03 06:47:20)<=
"c:\windows\system32\drivers\MaxProtector64.sys" => File could not move.
"c:\windows\system32\drivers\MaxProc64.sys" => File could not move.
"c:\windows\system32\drivers\SDActMon2K.sys" => File could not move.
==== End of Fixlog ====


John
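An added example, not part of the thread and not FRST's own code: a Python sketch that reads the result lines of the Fixlog posted above and lists the paths whose last reported status is not a successful move. The four status messages it recognises are taken only from the log lines in this thread; mapping any other message to `unknown` is an assumption.

```python
import re

# Sample input: result lines copied from the Fixlog in the post above (Run:4).
SAMPLE_FIXLOG = r'''Could not move "c:\windows\system32\drivers\MaxProtector64.sys" => Scheduled to move on reboot.
"C:\Documents and Settings\sta\Local Settings\Application Data\Max Secure Software" => File/Directory not found.
c:\program files\Max Spyware Detector => Moved successfully.
"C:\Program Files\DoctoAntivirus" => File/Directory not found.
Could not move "c:\windows\system32\drivers\MaxProc64.sys" => Scheduled to move on reboot.
Could not move "c:\windows\system32\drivers\SDActMon2K.sys" => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-03 06:47:20)<=
"c:\windows\system32\drivers\MaxProtector64.sys" => File could not move.
"c:\windows\system32\drivers\MaxProc64.sys" => File could not move.
"c:\windows\system32\drivers\SDActMon2K.sys" => File could not move.
==== End of Fixlog ===='''

# A result line is: [Could not move ]["]<path>["] => <message>
# Header and footer lines contain no " => " after a path, so they do not match.
RESULT_LINE = re.compile(
    r'^(?:Could not move )?"?(?P<path>[^"]+?)"? => (?P<msg>.+)$'
)

# Messages seen in this thread's logs, mapped to a short status label.
STATUS_BY_MESSAGE = {
    "Moved successfully.": "moved",
    "File/Directory not found.": "not_found",
    "Scheduled to move on reboot.": "pending_reboot",
    "File could not move.": "failed",
}

# Statuses that mean the file may still be on disk and needs a re-check.
UNRESOLVED = {"pending_reboot", "failed", "unknown"}


def final_states(fixlog_text):
    """Return {lower-cased path: last status reported for that path}."""
    states = {}
    for raw in fixlog_text.splitlines():
        match = RESULT_LINE.match(raw.strip())
        if not match:
            continue
        # Windows paths are case-insensitive, so normalise the key.
        key = match.group("path").lower()
        message = match.group("msg").strip()
        # Later lines (the post-reboot results) overwrite earlier ones.
        states[key] = STATUS_BY_MESSAGE.get(message, "unknown")
    return states


def unresolved_paths(fixlog_text):
    """Paths whose final status is not 'moved' or 'not_found'."""
    states = final_states(fixlog_text)
    return sorted(p for p, s in states.items() if s in UNRESOLVED)


if __name__ == "__main__":
    for path, status in final_states(SAMPLE_FIXLOG).items():
        print(f"{status:15} {path}")
    print("Re-check on disk:", unresolved_paths(SAMPLE_FIXLOG))
```
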

Juliet
2014-03-03, 15:24
Ask to reboot and generate the fixlog.
The computer rebooted?

How's the computer now?

TechnoDino
2014-03-04, 03:44
:rockon:

Juliet: Yes, it rebooted. Could not have run for more than 10 seconds before the reboot message appeared. As far as I can tell, all is fine. Everything seems to be working.

John

Juliet
2014-03-04, 16:46
What a stinker that was!

Let's run these 2 scans that are quick to check for anything that might be left over.


-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.

TechnoDino
2014-03-04, 19:45
:rockon:

Juliet: Ran both scans. Logs below. One noteworthy observation: while JRT was scanning the Registry there were 4 "access is denied" messages.

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by John on Tue 03/04/2014 at 11:33:52.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/04/2014 at 11:39:03.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



adw

# AdwCleaner v3.020 - Report created 04/03/2014 at 11:18:13
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16533

*************************
AdwCleaner[R0].txt - [6373 octets] - [17/02/2014 19:39:50]
AdwCleaner[R1].txt - [563 octets] - [04/03/2014 11:18:13]
AdwCleaner[S0].txt - [6710 octets] - [17/02/2014 19:40:45]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [682 octets] ##########

Juliet
2014-03-04, 21:29
Well, looking good so far.

One last scan to check for remnants.
The below can take quite a while to run depending on how full your computer is. Also, don't be alarmed if it finds things, since I am expecting this and I feel they will already be contained in quarantine folders.

Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

TechnoDino
2014-03-06, 06:26
:rockon:
Juliet: No kidding about taking a long time. Slightly over 3.5 hours. The log follows. Seems to be some other threats to be removed.

C:\FRST\Quarantine\MaxSpywaredetector.exe17-02-2014_19-23-04 a variant of Win32/MaxPCsecure potentially unwanted application
C:\FRST\Quarantine\Max Spyware Detector03-03-2014_06-45-54\LiveUpdate.exe a variant of Win32/MaxPCsecure potentially unwanted application
C:\Users\Administrator\Desktop\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\e446e9b-7b7048ea a variant of Java/Exploit.Blacole.AF trojan
C:\Users\John\Desktop\DesktopFolders\Desktop Folders & Shortcuts\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

Playing around with the real cool smilies.


John :cool:

Juliet
2014-03-06, 16:20
Seems to be some other threats to be removed.

Not bad. What you see is mostly adware that came bundled with items you downloaded and a couple of files in quarantine.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).



start
C:\Users\Administrator\Desktop\ccsetup407.exe
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\e446e9b-7b7048ea
C:\Users\John\Desktop\DesktopFolders\Desktop Folders & Shortcuts\SetupImgBurn_2.5.7.0.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me see this log when it's done.


Please run this security check for my review.

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

TechnoDino
2014-03-06, 20:02
:rockon:

:cowboy:


:santa:
Juliet: Even I can read the Fixlog. FRST moved the stuff into quarantine. As you knew it would. You are GOOD!! Ran Security Check. Some out of date stuff (a constant battle to stay up to date) and some other useful stuff - like defrag the disk. Should I turn TeaTimer back on? As I remember things, it really slowed down my system. I'll put some new smilies in so you won't get bored. I know Christmas has come and gone; it is a ice smilie.

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-03-2014
Ran by John at 2014-03-06 11:40:00 Run:5
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\Administrator\Desktop\ccsetup407.exe
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\e446e9b-7b7048ea
C:\Users\John\Desktop\DesktopFolders\Desktop Folders & Shortcuts\SetupImgBurn_2.5.7.0.exe
Reboot:
end
*****************
C:\Users\Administrator\Desktop\ccsetup407.exe => Moved successfully.
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\e446e9b-7b7048ea => Moved successfully.
C:\Users\John\Desktop\DesktopFolders\Desktop Folders & Shortcuts\SetupImgBurn_2.5.7.0.exe => Moved successfully.

The system needed a reboot.
==== End of Fixlog ====


Security Check

Results of screen317's Security Check version 0.99.80
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Max Spyware Detector
SpywareBlaster 5.0
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 11.9.900.117 Flash Player out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 14 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
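
Added example, not part of either poster's messages: a short Python check that every file path echoed in a Fixlog's fixlist section has a matching "=> Moved successfully." result line. The layout (fixlist echoed between two rows of asterisks, directives ending in a colon, results written as `path => outcome`) is assumed from the Fixlog posted above; the function names are hypothetical.

```python
import re

# Constructed sample: the Fixlog body as posted in the thread above.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
C:\Users\Administrator\Desktop\ccsetup407.exe
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\e446e9b-7b7048ea
C:\Users\John\Desktop\DesktopFolders\Desktop Folders & Shortcuts\SetupImgBurn_2.5.7.0.exe
Reboot:
end
*****************
C:\Users\Administrator\Desktop\ccsetup407.exe => Moved successfully.
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\e446e9b-7b7048ea => Moved successfully.
C:\Users\John\Desktop\DesktopFolders\Desktop Folders & Shortcuts\SetupImgBurn_2.5.7.0.exe => Moved successfully.

The system needed a reboot.
==== End of Fixlog ====
"""

def check_fixlog(text):
    """Return {path: result or None} for every file path in the fixlist."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Assumption: the fixlist is echoed between two rows of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found")
    requested = [
        ln for ln in lines[stars[0] + 1:stars[1]]
        # Skip the start/end markers and directives such as "Reboot:".
        if ln and ln.lower() not in ("start", "end") and not ln.endswith(":")
    ]
    results = {}
    for ln in lines[stars[1] + 1:]:
        path, sep, outcome = ln.partition(" => ")
        if sep:
            results[path.lower()] = outcome
    return {p: results.get(p.lower()) for p in requested}

def unconfirmed(report):
    """Paths whose result line is missing or is not a successful move."""
    return [p for p, r in report.items() if r != "Moved successfully."]
```

Any path returned by `unconfirmed` is still on disk or was handled in a way the log does not confirm, and is worth re-checking before quarantine and tools are cleaned up.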

Juliet
2014-03-06, 22:17
Should I turn TeaTimer back on? As I remember things, it really slowed down my system.
That's up to you, depends on if you want to deal with it or not.



http://get.adobe.com/flashplayer/
The above is for the latest version of Adobe Flash, be sure to unclick McAfee security scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://get.adobe.com/reader/
Adobe Reader, be sure to unclick McAfee security scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install Java:

Please go here to install Java (http://www.java.com/en/)

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close


~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's remove quarantine folders and tools used then I'll send you on your way.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.




start
DeleteQuarantine:
end



~~~~~~~~~~~~~~~~~~~~~~~~

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore

Click Run


Any tools or files found left over can simply be deleted.

~~~~~~~~~~~~~~~~~

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

TechnoDino
2014-03-08, 04:44
:rockon:

Juliet: Sorry. Delfix will not download or run??

Start>Control Panel>Programs and Features and there is still an entry for Spyware max. Should I worry about this?

John

:angel:
:thanks:

Juliet
2014-03-08, 05:23
Your computer security is probably interfering. Drop into safe mode with networking and attempt it again.
If it still won't work we can manually remove those tools.

~~~~~~~~~~~~~~~~~~~~~~

Let's see if we can get rid of that last entry. It's been rendered useless and ineffective.


Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/start_freeware_download.html)
Double click Revo Uninstaller to run it.
From the list of programs double click on Max Spyware Defender
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

TechnoDino
2014-03-11, 03:49
:thanks::thanks:

Juliet: All programs removed. No entry in Control Panel >Programs and Features.

Thanks for sticking with me through this massive effort to remove Spyware.

I'll probably remove Java since I do not think I need it for anything.

Thanks for all the other links.

John
:bigthumb::yahoo:

Juliet
2014-03-11, 03:54
Glad we could help. :)

Juliet
2014-03-12, 16:37
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.