Unwanted hijacking of web pages

therunt · May 7, 2014

I am getting unwanted popup ads in the lower corners of web pages, and occasionally redirects to other sites (only when malware blockers are down).

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by ross at 22:35:40 on 2014-05-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.5302 [GMT -4:00]
.
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe
C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Program Files (x86)\CodeGear\Interbase\bin\ibguard.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\KidMoses\NetUpdate\nuServ.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\SysWOW64\WinService.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\CodeGear\Interbase\bin\ibserver.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [PostgreSQL Data Wizard Agent] C:\Program Files (x86)\SQL Maestro Group\PostgreSQL Data Wizard\PgDataWizardA.exe
uRun: [Akamai NetSession Interface] "C:\Users\ross\AppData\Local\Akamai\netsession_win.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [GoToMeeting] "C:\Users\ross\AppData\Local\Citrix\GoToMeeting\1259\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum

n /alerts

n /notifications

n /fl

n /fr

n /appData

n /tmcp

n
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GLADIN~1.LNK - C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://74.15.193.185:4433/NELX.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0343D4D5-8432-42F3-ACC7-D878A8A73CB9} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6B51719F-2F61-4CB7-8AC6-941FDEB4BBCD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6B51719F-2F61-4CB7-8AC6-941FDEB4BBCD}\4554C45535F535D6162747F5845726F59303 : DHCPNameServer = 192.168.20.1 192.168.20.1
TCP: Interfaces\{C83E0AD4-3AC8-49F2-951C-0DB2A0B97DDD} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [SonicWALLNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
x64-Run: [HP LaserJet 200 color MFP M276 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet 200 color MFP M276 Series Fax"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
x64-Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-SSODL: WebCheck - <orphaned>
Hosts: 109.163.226.208 www.google-analytics.com.
Hosts: 109.163.226.208 ad-emea.doubleclick.net.
Hosts: 109.163.226.208 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Dimdim\Plugin\Application\npDimDimControl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ross\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\ross\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-8 132704]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55280]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-7-10 25312]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2011-12-8 211040]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2011-12-8 142944]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-23 92160]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-8 3450832]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-8-17 117568]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 EnterpriseDBApachePHP;EnterpriseDB ApachePHP;C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe [2010-10-11 18432]
R2 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2011-1-6 29032]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2012-5-2 164864]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-23 13336]
R2 IBG_gds_db;InterBase 2009 Guardian gds_db ;C:\Program Files (x86)\CodeGear\Interbase\bin\ibguard.exe -i "C:\Program Files (x86)\CodeGear\Interbase" -p gds_db --> C:\Program Files (x86)\CodeGear\Interbase\bin\ibguard.exe -i C:\Program Files (x86)\CodeGear\Interbase [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-30 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-30 857912]
R2 nuService;NetUpdate;C:\Program Files (x86)\KidMoses\NetUpdate\nuServ.exe [2011-1-17 928768]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139400]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2011-7-10 186848]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-17 4972864]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-12-8 367200]
R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2009-3-28 36432]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-23 56344]
R3 IBS_gds_db;InterBase 2009 Server gds_db;C:\Program Files (x86)\CodeGear\Interbase\bin\ibserver.exe -i "C:\Program Files (x86)\CodeGear\Interbase" -p gds_db --> C:\Program Files (x86)\CodeGear\Interbase\bin\ibserver.exe -i C:\Program Files (x86)\CodeGear\Interbase [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-23 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-3 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-30 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-30 63192]
R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\System32\drivers\NxDrv.sys [2009-10-21 24264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 VMUSBArbService;VMware USB Arbitration Service;"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" --> C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S3 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-19 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-23 158976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-8 19456]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2011-7-10 450048]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-17 56832]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-6-21 106256]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-3 1255736]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1 [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-05-06 17:32:13 -------- d-----w- C:\Users\ross\AppData\Roaming\ESET
2014-05-06 17:32:13 -------- d-----w- C:\Users\ross\AppData\Local\ESET
2014-05-06 17:31:11 -------- d-----w- C:\Program Files\ESET
2014-05-06 17:25:05 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-05-05 07:32:32 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01365997-38BA-4A40-A443-EB9A1EAF946C}\offreg.dll
2014-05-04 16:07:11 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-04 16:07:11 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-04 16:06:50 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-04 16:04:43 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-04 16:04:43 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-02 06:44:22 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01365997-38BA-4A40-A443-EB9A1EAF946C}\mpengine.dll
2014-04-30 12:55:05 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-30 12:52:05 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-30 12:52:05 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-30 12:52:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 17:19:21 -------- d-sh--w- C:\Users\ross\AppData\Local\EmieUserList
2014-04-29 17:19:21 -------- d-sh--w- C:\Users\ross\AppData\Local\EmieSiteList
2014-04-19 15:52:13 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-04-19 15:52:13 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-04-17 15:10:27 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-04-17 15:09:56 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-04-17 15:09:55 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-04-17 14:18:47 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-04-17 14:18:46 484864 ----a-w- C:\Windows\System32\wer.dll
2014-04-17 14:18:46 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-04-17 14:18:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-04-17 14:18:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-04-17 14:18:45 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-04-17 14:18:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-17 14:18:44 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
==================== Find3M ====================
.
2014-04-29 02:07:52 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 02:07:52 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-03 13:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-26 03:05:00 608 --sha-w- C:\Windows\System32\winzvprt5.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 22:36:06.86 ===============

aswMBR log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-06 22:53:28
-----------------------------
22:53:28.363 OS Version: Windows x64 6.1.7601 Service Pack 1
22:53:28.363 Number of processors: 8 586 0x1E05
22:53:28.363 ComputerName: SHADOWFAX UserName: ross
22:53:29.128 Initialize success
23:00:19.264 AVAST engine defs: 14050601
23:05:25.774 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:05:25.774 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
23:05:25.844 Disk 0 MBR read successfully
23:05:25.854 Disk 0 MBR scan
23:05:25.874 Disk 0 Windows VISTA default MBR code
23:05:25.874 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:05:25.884 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
23:05:25.904 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 304454 MB offset 1617920
23:05:25.944 Disk 0 scanning C:\Windows\system32\drivers
23:05:36.774 Service scanning
23:05:58.424 Modules scanning
23:05:58.424 Disk 0 trace - called modules:
23:05:58.434 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys iaStor.sys hal.dll
23:05:58.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e47060]
23:05:58.434 3 CLASSPNP.SYS[fffff8800156443f] -> nt!IofCallDriver -> [0xfffffa8007d148c0]
23:05:58.444 5 vsflt61.sys[fffff880010120fd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007af4050]
23:05:59.834 AVAST engine scan C:\Windows
23:06:01.564 AVAST engine scan C:\Windows\system32
23:09:14.575 AVAST engine scan C:\Windows\system32\drivers
23:09:27.415 AVAST engine scan C:\Users\ross
23:11:18.836 Disk 0 MBR has been saved successfully to "C:\Users\ross\Desktop\MBR.dat"
23:11:18.851 The log file has been saved successfully to "C:\Users\ross\Desktop\aswMBR.txt"

Juliet · May 7, 2014

Hi and welcome

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

~~~~~~~~~~~~~~~~~~~`

Please download Farbar Recovery Scan Tool
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
(use correct version for your system.....Which system am I using?)

Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

therunt · May 7, 2014

Farbar logs

Something odd is that the tools mention HOSTS file entries that I don't see when I view my HOSTS file at C:\Windows\system32\drivers\etc\HOSTS. How is this possible?

This post is too long to hold both logs, so the 2nd log (Addition.txt) will appear in an immediately successive post.

Here is FRST.txt.

------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by ross (administrator) on SHADOWFAX on 07-05-2014 15:37:59
Running from C:\Users\ross\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Apache Software Foundation) C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
(Gladinet, INC) C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe
(Apache Software Foundation) C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
(Embarcadero Technologies, Inc.) C:\Program Files (x86)\CodeGear\Interbase\bin\ibguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\KidMoses\NetUpdate\nuServ.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
() C:\Windows\SysWOW64\WinService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Embarcadero Technologies, Inc.) C:\Program Files (x86)\CodeGear\Interbase\bin\ibserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Users\ross\Desktop\q_restore\PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe
() C:\Users\ross\Desktop\q_restore\PortableApps\ThunderbirdPortable\App\thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2010-04-01] (SonicWALL Inc.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\Run: [PostgreSQL Data Wizard Agent] => C:\Program Files (x86)\SQL Maestro Group\PostgreSQL Data Wizard\PgDataWizardA.exe
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\ross\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\Run: [GoToMeeting] => C:\Users\ross\AppData\Local\Citrix\GoToMeeting\1259\g2mstart.exe [40304 2014-02-12] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\MountPoints2: {525cf8aa-be3f-11e0-a0f2-534e57000000} - I:\AutoLaunch.exe
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\MountPoints2: {8fc440da-aa94-11e0-b8ac-534e57000000} - I:\AutoLaunch.exe
HKU\S-1-5-21-1066971186-801704174-1181733999-1002\...\MountPoints2: {cb44cfff-450d-11e1-9338-534e57000000} - J:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gladinet Cloud Desktop.lnk
ShortcutTarget: Gladinet Cloud Desktop.lnk -> C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/23
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/23
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {D60FEA38-8371-4C9E-938A-11F8A450C0A7} URL =
SearchScopes: HKCU - {9D5B8E15-1FAB-480B-9A42-29844E3E8BC6} URL = http://findgala.com/?&uid=8050&q={searchTerms}
SearchScopes: HKCU - {D60FEA38-8371-4C9E-938A-11F8A450C0A7} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://74.15.193.185:4433/NELX.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @dimdim.com/DimdimPlugin - C:\Program Files (x86)\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.91 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ross\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ross\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\searchplugins\youtube-video-search.xml
FF Extension: NetExtender Launcher - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\Extensions\npNELaunch@sonicwall.com [2011-03-15]
FF Extension: WebDAV Launcher - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\Extensions\webdavlauncher@benryan.com.xpi [2011-05-04]
FF Extension: Adblock Plus - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Drive) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (YouTube) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (Gmail) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 EnterpriseDBApachePHP; C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe [18432 2010-10-06] (Apache Software Foundation)
R2 GladFileMonSvc; C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [29032 2011-01-06] (Gladinet, INC)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
R2 IBG_gds_db; C:\Program Files (x86)\CodeGear\Interbase\bin\ibguard.exe [36864 2009-08-12] (Embarcadero Technologies, Inc.)
R3 IBS_gds_db; C:\Program Files (x86)\CodeGear\Interbase\bin\ibserver.exe [2887680 2009-08-12] (Embarcadero Technologies, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 nuService; C:\Program Files (x86)\KidMoses\NetUpdate\nuServ.exe [928768 2009-06-11] ()
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [498560 2010-04-01] (SonicWALL Inc.)
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/data" -w [X]
S2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2009-03-28] (DemoForge, LLC)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2009-10-21] (SonicWALL Inc.)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-06-21] (Oracle Corporation)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2011-12-08] (Acronis)
S1 aqIPD7; \??\C:\Windows\system32\drivers\aqIPD7.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
U3 aswMBR; \??\C:\Users\ross\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-07 15:37 - 2014-05-07 15:38 - 00021396 _____ () C:\Users\ross\Desktop\FRST.txt
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\FRST
2014-05-07 15:36 - 2014-05-07 15:36 - 02063872 _____ (Farbar) C:\Users\ross\Desktop\FRST64.exe
2014-05-07 15:32 - 2014-05-07 15:35 - 00002884 _____ () C:\Users\ross\Desktop\Rkill.txt
2014-05-07 15:32 - 2014-05-07 15:34 - 00002884 _____ () C:\Users\ross\Desktop\Rkill2.txt
2014-05-07 15:32 - 2014-05-07 15:32 - 00003332 _____ () C:\Users\ross\Desktop\Rkill1.txt
2014-05-07 15:31 - 2014-05-07 15:32 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ross\Desktop\rkill.exe
2014-05-06 23:11 - 2014-05-06 23:11 - 00004105 _____ () C:\Users\ross\Desktop\attach.zip
2014-05-06 23:11 - 2014-05-06 23:11 - 00001933 _____ () C:\Users\ross\Desktop\aswMBR.txt
2014-05-06 23:11 - 2014-05-06 23:11 - 00000512 _____ () C:\Users\ross\Desktop\MBR.dat
2014-05-06 22:36 - 2014-05-06 22:36 - 00024708 _____ () C:\Users\ross\Desktop\dds.txt
2014-05-06 22:36 - 2014-05-06 22:36 - 00012006 _____ () C:\Users\ross\Desktop\attach.txt
2014-05-06 22:31 - 2014-05-06 22:31 - 04745728 _____ (AVAST Software) C:\Users\ross\Desktop\aswMBR.exe
2014-05-06 22:30 - 2014-05-06 22:41 - 00000000 ____D () C:\Users\ross\Desktop\dump
2014-05-06 22:30 - 2014-05-06 22:30 - 00688992 ____R (Swearware) C:\Users\ross\Desktop\dds.scr
2014-05-06 22:16 - 2014-05-06 22:16 - 00000907 _____ () C:\Users\rosstemp\Desktop\ERUNT.lnk
2014-05-06 22:16 - 2014-05-06 22:16 - 00000907 _____ () C:\Users\postgres\Desktop\ERUNT.lnk
2014-05-06 22:16 - 2014-05-06 22:16 - 00000907 _____ () C:\Users\Limited\Desktop\ERUNT.lnk
2014-05-06 22:16 - 2014-05-06 22:16 - 00000000 ____D () C:\Windows\ERDNT
2014-05-06 22:16 - 2014-05-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-05-06 22:16 - 2014-05-06 22:16 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-05-06 22:05 - 2014-05-06 22:05 - 00791393 _____ (Lars Hederer ) C:\Users\ross\Desktop\erunt-setup.exe
2014-05-06 13:32 - 2014-05-06 13:32 - 00000000 ____D () C:\Users\ross\AppData\Roaming\ESET
2014-05-06 13:32 - 2014-05-06 13:32 - 00000000 ____D () C:\Users\ross\AppData\Local\ESET
2014-05-06 13:31 - 2014-05-06 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-05-06 13:31 - 2014-05-06 13:31 - 00000000 ____D () C:\ProgramData\ESET
2014-05-06 13:31 - 2014-05-06 13:31 - 00000000 ____D () C:\Program Files\ESET
2014-05-06 13:09 - 2014-05-06 13:09 - 01581896 _____ (ESET) C:\Users\ross\Downloads\eset_smart_security_live_installer.exe
2014-05-04 12:07 - 2014-04-29 10:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 12:07 - 2014-04-29 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 12:07 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 12:07 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 12:06 - 2014-05-04 12:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 12:04 - 2014-04-13 22:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-04 12:04 - 2014-04-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-02 20:28 - 2014-05-02 20:28 - 00000081 _____ () C:\Users\ross\Downloads\sudoku14483.txt
2014-04-30 08:55 - 2014-05-07 14:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 08:52 - 2014-04-30 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-30 08:52 - 2014-04-30 08:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-30 08:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-30 08:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 13:19 - 2014-04-29 13:19 - 00000000 __SHD () C:\Users\ross\AppData\Local\EmieUserList
2014-04-29 13:19 - 2014-04-29 13:19 - 00000000 __SHD () C:\Users\ross\AppData\Local\EmieSiteList
2014-04-25 23:38 - 2014-04-26 14:49 - 00044032 _____ () C:\Users\ross\Documents\product_exposures.xls
2014-04-23 23:25 - 2014-04-26 14:46 - 00071680 _____ () C:\Users\ross\Documents\gps_duplication.xls
2014-04-22 23:17 - 2014-04-26 14:51 - 00023552 _____ () C:\Users\ross\Documents\MarketProductParams.xls
2014-04-19 16:41 - 2014-04-19 16:48 - 00000000 ____D () C:\Users\ross\Desktop\KeepersSmall
2014-04-19 11:56 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-19 11:56 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 11:56 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-19 11:56 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-19 11:56 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 11:56 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 11:56 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 11:56 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-19 11:56 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-19 11:56 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-19 11:56 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-19 11:56 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-19 11:56 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 11:56 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-19 11:56 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 11:56 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-19 11:56 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-19 11:56 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-19 11:56 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-19 11:56 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 11:56 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-19 11:56 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-19 11:56 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-19 11:56 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-19 11:56 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-19 11:56 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-19 11:56 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-19 11:56 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-19 11:56 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-19 11:56 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 11:56 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-19 11:56 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-19 11:56 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-19 11:56 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-19 11:56 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 11:56 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-19 11:56 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-19 11:56 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-19 11:56 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 11:56 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-19 11:56 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-19 11:56 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-19 11:56 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-19 11:56 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 11:52 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-19 11:52 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-19 11:51 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-19 11:51 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-19 11:51 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-19 11:51 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-19 11:51 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-19 11:51 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-19 11:51 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-19 11:51 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-19 11:51 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-19 11:51 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-19 11:51 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-19 11:51 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-19 11:51 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-19 11:51 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-19 11:51 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-19 11:51 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-19 11:51 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-18 16:27 - 2014-04-19 16:41 - 00000000 ____D () C:\Users\ross\Desktop\Keepers
2014-04-18 14:59 - 2014-04-18 14:59 - 00000000 ____D () C:\Users\ross\Desktop\LasGaleras
2014-04-17 11:10 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-17 11:10 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-17 11:10 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-17 11:10 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-17 11:10 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-17 11:10 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-17 11:10 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-17 11:10 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-17 11:10 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-17 11:10 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-17 11:10 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-17 11:10 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-17 11:10 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-17 11:10 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-17 11:10 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-17 11:10 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-17 11:09 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-17 11:09 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-17 10:19 - 2014-04-17 10:19 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 10:18 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-17 10:18 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-17 10:18 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-17 10:18 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-17 10:18 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-17 10:18 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-17 10:18 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-17 10:18 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-05-07 15:38 - 2014-05-07 15:37 - 00021396 _____ () C:\Users\ross\Desktop\FRST.txt
2014-05-07 15:37 - 2014-05-07 15:37 - 00000000 ____D () C:\FRST
2014-05-07 15:36 - 2014-05-07 15:36 - 02063872 _____ (Farbar) C:\Users\ross\Desktop\FRST64.exe
2014-05-07 15:35 - 2014-05-07 15:32 - 00002884 _____ () C:\Users\ross\Desktop\Rkill.txt
2014-05-07 15:34 - 2014-05-07 15:32 - 00002884 _____ () C:\Users\ross\Desktop\Rkill2.txt
2014-05-07 15:32 - 2014-05-07 15:32 - 00003332 _____ () C:\Users\ross\Desktop\Rkill1.txt
2014-05-07 15:32 - 2014-05-07 15:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ross\Desktop\rkill.exe
2014-05-07 15:22 - 2010-10-21 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 15:07 - 2012-08-31 09:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 14:54 - 2014-02-12 21:19 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1066971186-801704174-1181733999-1002.job
2014-05-07 14:03 - 2014-04-30 08:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 02:23 - 2009-07-14 01:10 - 01891040 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 23:11 - 2014-05-06 23:11 - 00004105 _____ () C:\Users\ross\Desktop\attach.zip
2014-05-06 23:11 - 2014-05-06 23:11 - 00001933 _____ () C:\Users\ross\Desktop\aswMBR.txt
2014-05-06 23:11 - 2014-05-06 23:11 - 00000512 _____ () C:\Users\ross\Desktop\MBR.dat
2014-05-06 22:41 - 2014-05-06 22:30 - 00000000 ____D () C:\Users\ross\Desktop\dump
2014-05-06 22:41 - 2012-07-06 13:05 - 00000000 ____D () C:\Users\ross\AppData\Roaming\Thunderbird
2014-05-06 22:41 - 2012-03-10 10:36 - 00001766 _____ () C:\Users\ross\Desktop\ThunderbirdPortable.exe - Shortcut.lnk
2014-05-06 22:36 - 2014-05-06 22:36 - 00024708 _____ () C:\Users\ross\Desktop\dds.txt
2014-05-06 22:36 - 2014-05-06 22:36 - 00012006 _____ () C:\Users\ross\Desktop\attach.txt
2014-05-06 22:31 - 2014-05-06 22:31 - 04745728 _____ (AVAST Software) C:\Users\ross\Desktop\aswMBR.exe
2014-05-06 22:31 - 2011-01-31 15:21 - 00000000 ____D () C:\Users\ross\AppData\Local\gladinet
2014-05-06 22:30 - 2014-05-06 22:30 - 00688992 ____R (Swearware) C:\Users\ross\Desktop\dds.scr
2014-05-06 22:29 - 2010-10-21 22:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 22:26 - 2009-07-14 01:13 - 00825514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 22:26 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 22:26 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 22:18 - 2010-10-11 21:57 - 00000000 ____D () C:\data
2014-05-06 22:18 - 2010-10-06 09:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-06 22:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 22:18 - 2009-07-14 00:51 - 00065583 _____ () C:\Windows\setupact.log
2014-05-06 22:16 - 2014-05-06 22:16 - 00000907 _____ () C:\Users\rosstemp\Desktop\ERUNT.lnk
2014-05-06 22:16 - 2014-05-06 22:16 - 00000907 _____ () C:\Users\postgres\Desktop\ERUNT.lnk
2014-05-06 22:16 - 2014-05-06 22:16 - 00000907 _____ () C:\Users\Limited\Desktop\ERUNT.lnk
2014-05-06 22:16 - 2014-05-06 22:16 - 00000000 ____D () C:\Windows\ERDNT
2014-05-06 22:16 - 2014-05-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-05-06 22:16 - 2014-05-06 22:16 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-05-06 22:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-05-06 22:12 - 2012-12-29 18:26 - 00000000 ____D () C:\Users\ross\AppData\Local\TSVNCache
2014-05-06 22:11 - 2011-10-21 23:07 - 00000000 ____D () C:\Users\postgres
2014-05-06 22:11 - 2011-10-21 16:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 22:11 - 2010-09-23 11:08 - 00782028 _____ () C:\Windows\PFRO.log
2014-05-06 22:05 - 2014-05-06 22:05 - 00791393 _____ (Lars Hederer ) C:\Users\ross\Desktop\erunt-setup.exe
2014-05-06 18:01 - 2010-11-01 13:24 - 00000292 _____ () C:\Windows\Tasks\next.job
2014-05-06 14:11 - 2011-01-07 09:50 - 00002292 _____ () C:\Users\ross\Documents\Default.rdp
2014-05-06 13:32 - 2014-05-06 13:32 - 00000000 ____D () C:\Users\ross\AppData\Roaming\ESET
2014-05-06 13:32 - 2014-05-06 13:32 - 00000000 ____D () C:\Users\ross\AppData\Local\ESET
2014-05-06 13:31 - 2014-05-06 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-05-06 13:31 - 2014-05-06 13:31 - 00000000 ____D () C:\ProgramData\ESET
2014-05-06 13:31 - 2014-05-06 13:31 - 00000000 ____D () C:\Program Files\ESET
2014-05-06 13:09 - 2014-05-06 13:09 - 01581896 _____ (ESET) C:\Users\ross\Downloads\eset_smart_security_live_installer.exe
2014-05-04 12:06 - 2014-05-04 12:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 20:28 - 2014-05-02 20:28 - 00000081 _____ () C:\Users\ross\Downloads\sudoku14483.txt
2014-04-30 08:52 - 2014-04-30 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-30 08:52 - 2014-04-30 08:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-30 08:52 - 2011-10-22 00:02 - 00000000 ____D () C:\Users\ross\AppData\Roaming\Malwarebytes
2014-04-30 08:52 - 2011-10-21 15:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 13:19 - 2014-04-29 13:19 - 00000000 __SHD () C:\Users\ross\AppData\Local\EmieUserList
2014-04-29 13:19 - 2014-04-29 13:19 - 00000000 __SHD () C:\Users\ross\AppData\Local\EmieSiteList
2014-04-29 10:01 - 2014-05-04 12:07 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 09:40 - 2014-05-04 12:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 08:48 - 2014-05-04 12:07 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 08:34 - 2014-05-04 12:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 22:07 - 2012-08-31 09:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 22:07 - 2012-05-06 15:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 22:07 - 2011-05-20 20:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 10:32 - 2014-02-17 23:28 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 16:41 - 2011-10-06 02:28 - 00000000 ____D () C:\Users\ross\Documents\COMB
2014-04-26 15:12 - 2011-04-07 10:13 - 00000600 _____ () C:\Users\ross\AppData\Roaming\winscp.rnd
2014-04-26 14:51 - 2014-04-22 23:17 - 00023552 _____ () C:\Users\ross\Documents\MarketProductParams.xls
2014-04-26 14:49 - 2014-04-25 23:38 - 00044032 _____ () C:\Users\ross\Documents\product_exposures.xls
2014-04-26 14:46 - 2014-04-23 23:25 - 00071680 _____ () C:\Users\ross\Documents\gps_duplication.xls
2014-04-23 21:40 - 2010-09-30 22:40 - 00299930 _____ () C:\Users\ross\sanct.log
2014-04-23 21:40 - 2010-09-30 21:41 - 00000000 ____D () C:\ProgramData\Embarcadero
2014-04-23 13:52 - 2014-03-24 22:50 - 00000000 ____D () C:\Program Files (x86)\TurboTax 2013
2014-04-19 17:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-19 16:48 - 2014-04-19 16:41 - 00000000 ____D () C:\Users\ross\Desktop\KeepersSmall
2014-04-19 16:41 - 2014-04-18 16:27 - 00000000 ____D () C:\Users\ross\Desktop\Keepers
2014-04-19 12:36 - 2013-07-04 23:15 - 00000000 ____D () C:\Users\ross\.VirtualBox
2014-04-19 12:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 11:57 - 2010-09-30 18:56 - 00000000 ____D () C:\Users\ross\AppData\Local\Adobe
2014-04-19 11:57 - 2010-09-30 18:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-19 11:55 - 2013-07-12 21:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-19 11:53 - 2010-10-14 11:26 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-19 02:50 - 2013-03-13 16:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-19 02:50 - 2013-03-13 16:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 14:59 - 2014-04-18 14:59 - 00000000 ____D () C:\Users\ross\Desktop\LasGaleras
2014-04-17 11:05 - 2013-03-13 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-17 10:59 - 2009-07-14 00:45 - 00422792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 10:24 - 2013-10-05 12:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 10:19 - 2014-04-17 10:19 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 10:19 - 2010-09-23 09:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-17 10:15 - 2014-03-25 23:04 - 00000000 ____D () C:\Users\ross\AppData\Roaming\HpUpdate
2014-04-17 10:08 - 2012-05-06 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-13 22:24 - 2014-05-04 12:04 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 22:19 - 2014-05-04 12:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat

Some content of TEMP:
====================
C:\Users\Limited\AppData\Local\Temp\{74FBA14D-66E1-4C4A-9E1B-4B8E2CF67B61}.exe
C:\Users\Limited\AppData\Local\Temp\{BA8C058F-4BA7-4AD8-AF74-47B16042451D}.exe
C:\Users\Limited\AppData\Local\Temp\{C19E6858-96BF-49B0-A432-9ABCBF872353}.exe
C:\Users\ross\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\ross\AppData\Local\Temp\InstHelper.exe
C:\Users\ross\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ross\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ross\AppData\Local\Temp\{92853941-8F89-4763-8B4E-7CFDAF05C532}.exe
C:\Users\rosstemp\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\rosstemp\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 10:19

==================== End Of Log ============================

therunt · May 7, 2014

Farbar logs (2 of 2)

...and here is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by ross at 2014-05-07 15:38:20
Running from C:\Users\ross\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Acronis Disk Director 11 Home (HKLM-x32\...\{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}) (Version: 11.0.2343 - Acronis)
Acronis True Image Home 2012 (HKLM-x32\...\{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible) (Version: 15.0.6131 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.6131 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AnkhSVN 2.1.8420.8 (HKLM-x32\...\{CA206913-EE9F-495F-AD43-032E5833EE13}) (Version: 2.1.8420.8 - AnkhSVN Team)
ApachePhp 2.2.16-5.3.3 (HKLM-x32\...\ApachePhp 2.2.16-5.3.3-1) (Version: 2.2.16-5.3.3-1 - EnterpriseDB)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AQtime 7 Standard for Embarcadero RAD Studio XE (x32 Version: 7.0.307.86 - AutomatedQA Corp.) Hidden
Artisteer 2 (HKLM-x32\...\Artisteer 2) (Version: 2.4 - Extensoft)
AutomatedQA AQtime 7 Standard for Embarcadero RAD Studio (HKLM-x32\...\InstallShield_{DC700081-9FD8-4445-A578-C52209A90522}) (Version: 7.0.307.86 - AutomatedQA Corp.)
BBM SalesPRO (HKLM-x32\...\BBM SalesPRO) (Version: - BBM Canada / Sondages BBM)
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Bullzip PDF Printer 7.1.0.1218 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.1.0.1218 - Bullzip)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CodeGear InterBase 2009 [instance = gds_db] (HKLM-x32\...\CodeGear InterBase 2009 [instance = gds_db]) (Version: InterBase 2009 - Embarcadero Technologies Inc.)
CodeSite Express 4.6.1 (HKLM-x32\...\CodeSite Express 4.6.1) (Version: 4.0 - Raize Software, Inc.)
CodeSite Studio 4.6.2 (HKLM-x32\...\CodeSite Studio 4.6.2) (Version: 4.0 - Raize Software, Inc.)
CollabNet Subversion Client 1.6.12 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.6.12 - CollabNet)
COMB DataSuite (HKCU\...\COMB DataSuite) (Version: 1.0 - Canadian Out-of-Home Measurement Bureau)
COMB DataSuite (x32 Version: 1.0 - Canadian Out-of-Home Measurement Bureau) Hidden
COMB DataSuite Beta (HKCU\...\COMB DataSuite Beta) (Version: 1.0 - Canadian Out-of-Home Measurement Bureau)
COMB DataSuite Beta (x32 Version: 1.0 - Canadian Out-of-Home Measurement Bureau) Hidden
COMBDataSuiteSetup (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
COMBNavigator® UserAdmin (HKLM-x32\...\COMBNavigator® UserAdmin) (Version: 1.0 - COMB)
COMBNavigator® UserAdmin (x32 Version: 1.0 - COMB) Hidden
COMBNavigatorSetup (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
COMBSuite (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
DataDirect ODBC driver for InterBase (HKLM-x32\...\DataDirect ODBC driver for InterBase) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Delphi Prism 4.0.25.791 (HKLM-x32\...\{1DA9BC4F-6149-4AC0-A533-49092A33AC9C}_is1) (Version: - Embarcadero Technologies)
Delphi Prism Feature Pack (HKLM-x32\...\Delphi Prism Feature Pack) (Version: - Embarcadero)
Delphi Prism Feature Pack (x32 Version: 8.0 - Embarcadero) Hidden
Devart PgDAC 2.10.0.5 for Delphi XE for Win32 (HKLM-x32\...\PgDAC Delphi 15_is1) (Version: - Devart)
Developer Express VCL Demos v2011 vol 1.5 (HKLM-x32\...\VCL Demos Installer) (Version: - Developer Express Inc.)
Developer Express VCL Products (HKLM-x32\...\Developer Express VCL Products) (Version: 2011.2.9 - Developer Express Inc)
DropMaster 2.2 (HKLM-x32\...\DropMaster 2.2) (Version: 2.0 - Raize Software, Inc.)
Embarcadero Delphi and C++Builder XE Help System (HKLM-x32\...\Embarcadero Delphi and C++Builder XE Help System) (Version: - Embarcadero)
Embarcadero Delphi and C++Builder XE Help System (x32 Version: 8.0 - Embarcadero) Hidden
Embarcadero RAD Studio XE (HKLM-x32\...\Embarcadero RAD Studio XE) (Version: - Embarcadero Technologies)
Embarcadero RAD Studio XE (x32 Version: 8.0 - Embarcadero) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
FinalBuilder 7.0.0.600 Embarcadero Edition (HKLM-x32\...\{4594DEE8-EFDC-4F16-A6DC-AAEAD022DCFF}_is1) (Version: 7.0.0.600 - )
Gladinet Cloud Desktop (HKLM-x32\...\{F19C8C8C-B98A-4482-83ED-915A7873F2B2}) (Version: 2.5.551 - Gladinet)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version: - )
Gtk# for .Net 2.12.9 (HKLM-x32\...\{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}) (Version: 2.12.9 - Novell, Inc.)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP LaserJet 200 color MFP M276 Fax (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LaserJet 200 color MFP M276 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LJ200 M276 HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Inspex 2.4 (HKLM-x32\...\Inspex 2.4) (Version: 2.0 - Raize Software, Inc.)
InstallAware 11 (HKLM-x32\...\InstallAware 11) (Version: 11.0.3.2011 - InstallAware Software)
InstallAware 11 (x32 Version: 11.0.3.2011 - InstallAware Software) Hidden
InstallAware 7 (HKLM-x32\...\InstallAware 7) (Version: - InstallAware Software Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
join.me (HKCU\...\JoinMe) (Version: 1.9.1.204 - LogMeIn Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Levels 1, 2 & 3 Spanish Family Edition (HKLM-x32\...\{BB1399D8-2269-4EEE-88A8-703508480EDC}) (Version: 1.1.16 - TOPICS Entertainment)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mono for Windows 2.6.1 (HKLM-x32\...\{35e6256f-a352-4bf7-b6f1-998640a4cd53}_is1) (Version: 2.6.1 - Mono)
MonoDevelop 2.4 (HKLM-x32\...\{F54D7643-4D8D-47CD-9CDB-806897BC5142}) (Version: 2.4.0.58990 - Novell)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NativeXmlEx 3.14 ("Open Source" version) (HKLM-x32\...\NativeXmlEx_is1) (Version: - SimDesign B.V.)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.8.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
Opengear SDTConnector (HKLM-x32\...\SDTConnector) (Version: - )
Oracle VM VirtualBox 4.3.4 (HKLM\...\{5FB568DF-207C-4B21-AC57-FC0CC2A0B113}) (Version: 4.3.4 - Oracle Corporation)
phpPgAdmin 4.2.3 (HKLM-x32\...\phpPgAdmin 4.2.3-1) (Version: 4.2.3-1 - EnterpriseDB)
Plus Pack for Acronis True Image Home 2012 (HKLM-x32\...\{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}) (Version: 15.0.6131 - Acronis)
PostGIS 1.5.2 for PostgreSQL 8.4 (remove only) (HKLM-x32\...\PostGIS 1.5 for PostgreSQL 8.4) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PostgreSQL Maestro 10.12 (HKLM-x32\...\PostgreSQL Maestro_is1) (Version: - SQL Maestro Group)
PostgreSQL OLE DB Provider (HKLM-x32\...\{8BB235BF-8740-48CF-9843-F502F5F07EC1}) (Version: 1.0.0.20 - PostgreSQL Application Installer Team)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
psqlODBC 08.04.0200 (HKLM-x32\...\psqlODBC 08.04.0200-1) (Version: 08.04.0200-1 - EnterpriseDB)
PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RadPHP XE (HKLM-x32\...\{08D4FBE1-2684-4720-B704-B7DF5C7923DB}_is1) (Version: - Embarcadero Technologies, Inc.)
Raize Components 5.4 (HKLM-x32\...\Raize Components 5.4) (Version: 5.0 - Raize Software, Inc.)
Rave Reports 9.0.0 BE (HKLM-x32\...\Rave Reports 9.0.0 BE_is1) (Version: - Nevrona Designs)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RemObjects Data Abstract for Delphi 6.0.53.935 (HKLM-x32\...\{598D75F4-D4CA-4368-B42C-CD2183B8B238}_is1) (Version: - RemObjects Software)
RemObjects Software Offline Help 1.0.47.843 (HKLM-x32\...\{D6F7CCCB-16D2-4b34-AB1E-0937D235643D}_is1) (Version: - RemObjects Software)
RISE Editor (HKCU\...\371903d13e0dd646) (Version: 4.1.0.2 - RISE To Bloome Software)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
ScreenSteps 2.9 (HKLM-x32\...\ScreenSteps_is1) (Version: 2.9 - Blue Mango Learning Systems)
SignGUI 1.03 (HKLM-x32\...\SignGUI_is1) (Version: - )
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 4.0.134 - SonicWALL, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
TortoiseSVN 1.7.10.23359 (64 bit) (HKLM\...\{71EFF430-1A34-423E-8EAF-A80173960A8E}) (Version: 1.7.23359 - TortoiseSVN)
Transit RF (HKCU\...\Transit RF) (Version: 2013.2.0 - SM Research + Richard Jean & Associates)
Transit RF (HKLM-x32\...\Transit RF) (Version: 2013.1.0 - SM Research + Richard Jean & Associates)
Transit RF (x32 Version: 2012.2 - InstallAware Software Corporation) Hidden
Transit RF (x32 Version: 2013.2.0 - SM Research + Richard Jean & Associates) Hidden
TransitRFSetup (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TurboTax 2010 (HKLM-x32\...\{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2011 (HKLM-x32\...\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2012 (HKLM-x32\...\{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
TXLSFile 4.0 Demo (Delphi 2011) (HKLM-x32\...\TXLSFile 4.0 Demo (Delphi 2011)) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
WebMeeting Plug-in (HKLM-x32\...\WebMeeting Plug-in) (Version: 6.0 - Dimdim, Inc.)
WebMeeting Plug-in (x32 Version: 6.0 - Dimdim, Inc.) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows SDK Intellidocs (x32 Version: 9.0.30729 - Microsoft) Hidden
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WinZip Command Line Support Add-On 3.2 (HKLM-x32\...\WZCLINE) (Version: - WinZip Computing, S.L.)

==================== Restore Points =========================

19-04-2014 15:52:52 Windows Update
25-04-2014 09:07:21 Windows Update
29-04-2014 14:17:08 Windows Update
04-05-2014 16:05:16 Windows Update
06-05-2014 17:24:48 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-04-24 13:05 - 00001399 __RAH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
109.163.226.208 www.google-analytics.com.
109.163.226.208 ad-emea.doubleclick.net.
109.163.226.208 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.

==================== Scheduled Tasks (whitelisted) =============

Task: {3A5DB456-879C-4891-ADE3-9B122D964390} - System32\Tasks\task1635882425 => C:\Users\ross\AppData\Roaming\AV Security Essentials\ScanDisk_.exe
Task: {6CFDA0F4-6925-45F3-A6F1-AEE65571F16B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {71376A97-40C2-47D9-BBAD-CB4932255B5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21] (Google Inc.)
Task: {7614D903-4389-4F48-9FDB-665796D499F0} - System32\Tasks\G2MUpdateTask-S-1-5-21-1066971186-801704174-1181733999-1002 => C:\Users\ross\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {99E6C86E-0258-440A-B347-A45B2CC0E0BC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {BE1E7B17-59DF-4B68-9726-5088CBBCF1F8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {D4771CA7-E8B9-4C9A-B8E4-64C6D848BF0F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {D82881F4-3325-472F-AB77-8FAFB9202F85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21] (Google Inc.)
Task: {E7F56C4F-DB6D-4C6F-BC79-C66BA8C8E5EF} - System32\Tasks\AdobeAAMUpdater-1.0-ShadowFax-ross => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F31C5ECB-9C88-4538-A3B5-E071DB237E6E} - System32\Tasks\next => C:\ProgramData\Dimdim\Updater\next.exe [2010-11-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1066971186-801704174-1181733999-1002.job => C:\Users\ross\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\next.job => C:\ProgramData\Dimdim\Updater\next.exe

==================== Loaded Modules (whitelisted) =============

2011-01-06 22:25 - 2011-01-06 22:25 - 00219496 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe
2011-01-17 04:32 - 2009-06-11 13:20 - 00928768 _____ () C:\Program Files (x86)\KidMoses\NetUpdate\nuServ.exe
2011-07-10 10:33 - 2010-05-10 12:14 - 00186848 _____ () C:\Windows\SysWOW64\WinService.exe
2011-11-15 18:30 - 2011-11-15 18:30 - 02139400 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2012-10-08 22:10 - 2012-10-08 22:10 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2009-11-24 19:36 - 2009-11-24 19:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2011-07-10 10:33 - 2010-05-10 12:13 - 01268192 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
2010-10-11 22:10 - 2010-10-06 16:12 - 00160256 _____ () C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\php\LIBPQ.dll
2010-11-29 11:47 - 2010-11-29 11:47 - 00503202 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\sqlite3.dll
2010-11-29 11:47 - 2010-11-29 11:47 - 00059904 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\zlib1.dll
2011-01-06 22:16 - 2011-01-06 22:16 - 00013160 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSMui.dll
2011-01-17 04:32 - 2008-11-16 18:58 - 00384000 _____ () C:\Program Files (x86)\KidMoses\NetUpdate\nu.dll
2011-10-21 23:06 - 2010-10-03 17:29 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2011-10-21 23:06 - 2009-02-12 15:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2011-10-21 23:06 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2011-11-10 07:16 - 2011-11-10 07:16 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2010-09-30 23:13 - 2008-05-12 17:27 - 00389120 _____ () C:\Program Files (x86)\CodeGear\Interbase\bin\sanctuarylib.dll
2014-02-20 02:02 - 2014-02-20 02:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-09-23 09:24 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-10-08 20:42 - 2012-10-08 20:42 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-05-06 22:41 - 2014-05-06 22:41 - 00008704 _____ () C:\Users\ross\AppData\Local\Temp\nsi5DCA.tmp\newadvsplash.dll
2014-05-06 22:41 - 2014-05-06 22:41 - 00011264 _____ () C:\Users\ross\AppData\Local\Temp\nsi5DCA.tmp\System.dll
2014-05-06 22:41 - 2014-05-06 22:41 - 00029696 _____ () C:\Users\ross\AppData\Local\Temp\nsi5DCA.tmp\registry.dll
2014-04-30 18:37 - 2014-04-30 18:38 - 03019888 _____ () C:\Users\ross\Desktop\dump\q_restore\PortableApps\ThunderbirdPortable\App\thunderbird\mozjs.dll
2014-04-30 18:37 - 2014-04-30 18:38 - 00158832 _____ () C:\Users\ross\Desktop\dump\q_restore\PortableApps\ThunderbirdPortable\App\thunderbird\NSLDAP32V60.dll
2014-04-30 18:37 - 2014-04-30 18:38 - 00023152 _____ () C:\Users\ross\Desktop\dump\q_restore\PortableApps\ThunderbirdPortable\App\thunderbird\NSLDAPPR32V60.dll
2014-03-30 00:21 - 2014-03-30 00:21 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-11-10 07:51 - 2011-11-10 07:51 - 00018784 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56804229

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2014 01:06:28 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/06/2014 07:29:22 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/05/2014 11:51:15 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program wmplayer.exe version 12.0.7601.18150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1544

Start Time: 01cf68dd743ec68f

Termination Time: 6785

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: a1231587-d4d1-11e3-bb95-a4badbfe2c56

Error: (05/05/2014 04:04:02 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/01/2014 00:33:47 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:33:39 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 08:52:15 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0x1988
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (04/29/2014 10:22:40 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/27/2014 10:46:17 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/26/2014 01:24:58 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (05/06/2014 10:30:37 PM) (Source: BROWSER) (User: ) (EventID: 8032)
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C83E0AD4-3AC8-49F2-951C-0DB2A0B97DDD}.
The backup browser is stopping.

Error: (05/06/2014 10:19:11 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
aqIPD7

Error: (05/06/2014 10:19:10 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The VMware USB Arbitration Service service failed to start due to the following error:
%%2

Error: (05/06/2014 10:17:35 PM) (Source: Service Control Manager) (User: ) (EventID: 7016)
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (05/06/2014 10:12:37 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
aqIPD7

Error: (05/06/2014 10:12:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The VMware USB Arbitration Service service failed to start due to the following error:
%%2

Error: (05/06/2014 10:10:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7016)
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (05/06/2014 01:31:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/05/2014 11:53:04 PM) (Source: cdrom) (User: ) (EventID: 7)
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/05/2014 11:52:57 PM) (Source: cdrom) (User: ) (EventID: 7)
Description: The device, \Device\CdRom0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (05/07/2014 01:06:28 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (05/06/2014 07:29:22 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (05/05/2014 11:51:15 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: wmplayer.exe12.0.7601.18150154401cf68dd743ec68f6785C:\Program Files (x86)\Windows Media Player\wmplayer.exea1231587-d4d1-11e3-bb95-a4badbfe2c56

Error: (05/05/2014 04:04:02 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (05/01/2014 00:33:47 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (04/30/2014 09:33:39 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (04/30/2014 08:52:15 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a198801cf6473010f872eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe4124a261-d066-11e3-92e1-a4badbfe2c56

Error: (04/29/2014 10:22:40 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (04/27/2014 10:46:17 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

Error: (04/26/2014 01:24:58 AM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\InstallAware\InstallAware 11\Plug-Ins\DIFx\Localized\ia64\dpinst.exe

CodeIntegrity Errors:
===================================
Date: 2013-10-08 12:31:50.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 12:02:09.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 11:52:40.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 09:32:29.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-10-08 08:47:35.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-09-16 13:05:20.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-09-16 12:51:50.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 12:54:55.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 12:42:27.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 12:33:50.317
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8151.11 MB
Available physical RAM: 5214.56 MB
Total Pagefile: 16300.41 MB
Available Pagefile: 13004.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:297.32 GB) (Free:9.93 GB) NTFS
Drive q: (PORTABLEJRT) (Removable) (Total:14.92 GB) (Free:2.06 GB) FAT32
Drive y: (private) (Network) (Total:915.66 GB) (Free:91.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 259D4594)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

Juliet · May 7, 2014

Something odd is that the tools mention HOSTS file entries that I don't see when I view my HOSTS file at C:\Windows\system32\drivers\etc\HOSTS. How is this possible?

If you have a custom host file builder like SpyBot you likely wont see it.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {9D5B8E15-1FAB-480B-9A42-29844E3E8BC6} URL = http://findgala.com/?&uid=8050&q={searchTerms}
SearchScopes: HKCU - {D60FEA38-8371-4C9E-938A-11F8A450C0A7} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
C:\Users\Limited\AppData\Local\Temp\{74FBA14D-66E1-4C4A-9E1B-4B8E2CF67B61}.exe
C:\Users\Limited\AppData\Local\Temp\{BA8C058F-4BA7-4AD8-AF74-47B16042451D}.exe
C:\Users\Limited\AppData\Local\Temp\{C19E6858-96BF-49B0-A432-9ABCBF872353}.exe
C:\Users\ross\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\ross\AppData\Local\Temp\InstHelper.exe
C:\Users\ross\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ross\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ross\AppData\Local\Temp\{92853941-8F89-4763-8B4E-7CFDAF05C532}.exe
C:\Users\rosstemp\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\rosstemp\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

The above script will reboot your computer, please don't be alarmed.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

~~~~~~~~~~~~~~~~~~

AdwCleaner by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open windows and browsers.

Right click the AdwCleaner icon

on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

*****
Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post the following logs
Fixlog.txt
AdwCleaner[R0].txt
JRT.txt

therunt · May 8, 2014

3 more logs

Note that FRST64 didn't find one of the registry keys.

Log 1 of 3
----------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-05-2014
Ran by ross at 2014-05-07 22:26:38 Run:1
Running from C:\Users\ross\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {9D5B8E15-1FAB-480B-9A42-29844E3E8BC6} URL = http://findgala.com/?&uid=8050&q={searchTerms}
SearchScopes: HKCU - {D60FEA38-8371-4C9E-938A-11F8A450C0A7} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
C:\Users\Limited\AppData\Local\Temp\{74FBA14D-66E1-4C4A-9E1B-4B8E2CF67B61}.exe
C:\Users\Limited\AppData\Local\Temp\{BA8C058F-4BA7-4AD8-AF74-47B16042451D}.exe
C:\Users\Limited\AppData\Local\Temp\{C19E6858-96BF-49B0-A432-9ABCBF872353}.exe
C:\Users\ross\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\ross\AppData\Local\Temp\InstHelper.exe
C:\Users\ross\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ross\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ross\AppData\Local\Temp\{92853941-8F89-4763-8B4E-7CFDAF05C532}.exe
C:\Users\rosstemp\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\rosstemp\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
Reboot:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D5B8E15-1FAB-480B-9A42-29844E3E8BC6} => Key deleted successfully.
HKCR\CLSID\{9D5B8E15-1FAB-480B-9A42-29844E3E8BC6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D60FEA38-8371-4C9E-938A-11F8A450C0A7} => Key deleted successfully.
HKCR\CLSID\{D60FEA38-8371-4C9E-938A-11F8A450C0A7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat => Moved successfully.
C:\Users\Limited\AppData\Local\Temp\{74FBA14D-66E1-4C4A-9E1B-4B8E2CF67B61}.exe => Moved successfully.
C:\Users\Limited\AppData\Local\Temp\{BA8C058F-4BA7-4AD8-AF74-47B16042451D}.exe => Moved successfully.
C:\Users\Limited\AppData\Local\Temp\{C19E6858-96BF-49B0-A432-9ABCBF872353}.exe => Moved successfully.
C:\Users\ross\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Users\ross\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\ross\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\ross\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\ross\AppData\Local\Temp\{92853941-8F89-4763-8B4E-7CFDAF05C532}.exe => Moved successfully.
C:\Users\rosstemp\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\rosstemp\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Log 2 of 3
-----------------

# AdwCleaner v3.207 - Report created 07/05/2014 at 22:35:11
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ross - SHADOWFAX
# Running from : C:\Users\ross\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Limited\AppData\Local\~0
Folder Found : C:\Users\Limited\AppData\Local\PackageAware
Folder Found : C:\Users\ross\AppData\Local\~0
Folder Found : C:\Users\ross\AppData\Local\PackageAware

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Limited\AppData\Roaming\Mozilla\Firefox\Profiles\qm2lvuio.default\prefs.js ]

[ File : C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\prefs.js ]

[ File : C:\Users\rosstemp\AppData\Roaming\Mozilla\Firefox\Profiles\257ioee1.default\prefs.js ]

Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v

[ File : C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2085 octets] - [07/05/2014 22:35:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2145 octets] ##########

Log 3 of 3
--------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by ross on 07/05/2014 at 22:41:25.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\ross\AppData\Roaming\mozilla\firefox\profiles\cldueye9.default\searchplugins\youtube-video-search.xml
Emptied folder: C:\Users\ross\AppData\Roaming\mozilla\firefox\profiles\cldueye9.default\minidumps [42 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/05/2014 at 22:46:30.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet · May 8, 2014

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~`

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

~~~~~~~~~~~~~~~~~~~~~~`

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

Can you give me an update on how the computer is running now?

therunt · May 8, 2014

Final Log Entry

The ADWCleaner log is included below. ESET found no threats, hence no list from it.

The symptoms (iframes in the lower left corner of FF, unwanted redirection) appears to be gone.

Do you know what the infection was? And why no AV programs could seem to detect it (I tried most of the major free and non-free anti-virus and anti-spyware programs)

Thank you for your time and assistance, it is greatly appreciated.

------------------

# AdwCleaner v3.207 - Report created 08/05/2014 at 11:52:15
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ross - SHADOWFAX
# Running from : C:\Users\ross\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Limited\AppData\Local\~0
Folder Deleted : C:\Users\Limited\AppData\Local\PackageAware
Folder Deleted : C:\Users\ross\AppData\Local\~0
Folder Deleted : C:\Users\ross\AppData\Local\PackageAware

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Limited\AppData\Roaming\Mozilla\Firefox\Profiles\qm2lvuio.default\prefs.js ]

[ File : C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\prefs.js ]

[ File : C:\Users\rosstemp\AppData\Roaming\Mozilla\Firefox\Profiles\257ioee1.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v

[ File : C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2241 octets] - [07/05/2014 22:35:11]
AdwCleaner[R1].txt - [2201 octets] - [08/05/2014 11:49:49]
AdwCleaner[S0].txt - [2132 octets] - [08/05/2014 11:52:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2192 octets] ##########

Juliet · May 8, 2014

The symptoms (iframes in the lower left corner of FF, unwanted redirection) appears to be gone.

Do you know what the infection was? And why no AV programs could seem to detect it (I tried most of the major free and non-free anti-virus and anti-spyware programs)

Glad to hear we got that straightened up.

I don't know that I can give it a name, what alerted me were the redirections. It's possible the malware that was responsible for the redirections was also responsible for the iframes?, very hard to say.

I do know that malware can be quite complicated in what it is designed to do. And as of today there is still not 1 antivirus program that can completely protect your computer. What we suggest is that you have layered protection on the machine so that what one can't find another might. More about this to come in my prevention steps.

Samples of infections have to be tested then submitted to the anitivirus companies to be downloaded and installed into the virus definition database. So what one finds today can take possibly days for another to be detected and distributed. Sounds weird maybe but thats typically the way it advances to the best of my knowledge.

Let's clean up now.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.

start
DeleteQuarantine:
end

~~~~~~~~~~~~~~

Download Delfix from here
Ensure Remove disinfection tools is ticked
Also tick:
- Create registry backup
- Purge system restore
Click Run

Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.

~~~~~~~~~~~~~~~~~~~~~~

Your good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube.
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser ([url]http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))[/url]

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.
- FBI Cyber Education Letter
  USAToday
  infoworld
*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach

Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

therunt · May 9, 2014

It's baaaack

The iframes issue is still with me. Not sure why I didn't see it the first time I opened the browser. I have not been using the PC in the mean time, so it's not a 2nd infection.

I ran FRST64.exe, but not delfix, since I figure we might need those tools again.

Juliet · May 9, 2014

Did the iframes start with the infection or had they been there for a while?
Might be your computer is having hardware issues, let's hope not.

You may or may not already have this tool on your computer, if so following the below. If this is the first time you have used this tool just follow the instructions.

Malwarebytes AntiMalware recently had a program update.
You can download the newest version over the top of the one you have or download and install again.

http://www.malwarebytes.org/update/

Please get the new version and let's run another scan.

Please download Malwarebytes Anti-Malware to your desktop
(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Juliet · May 9, 2014

Also

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

therunt · May 12, 2014

more logs

No threats were found by either tool. Here is the MBAM log. The TDSS log is over the limit to quote or attach, so I'll skip chunking it if you're ok with that.

Here is what is I think is happening:
First, it's not a hardware issue (e.g. a wonky touchscreen, as there isn't one). Something is overlaying a transparent frame over the bottom left corner of IE and FF. When not blocked by AV or AS software, clicking on this transparent area would take the browser to bad sites. This was clearly done by malware, which has since been cleaned from the PC. Since removal, clicking the transparent area does nothing except make part of the website unusable, which is why it is still desirable to fix. The transparent frame appears on most websites and not others, but I think it used to be on all websites until recently, although I can't be sure.

What I think the malware did was likely the injection of CSS or JavaScript into a global template (a configuration file) of some kind, but since these can be legitimately modified by users, they are not altered ('fixed') by cleaning tools.

---------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/05/2014
Scan Time: 12:34:55 PM
Logfile: mbam_scan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.12.05
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ross

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369799
Time Elapsed: 18 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Juliet · May 12, 2014

Looking back over the logs it appears you have the most current version of Java, then possibly older versions still on the machine.
The recent is 7.51, please check and see if there are others and let's remove those.

Next
Clearing the Java Plug-in cache forces the browser to load the latest versions of web pages and programs.
Clear Java cache by deleting Temporary Files through the Java Control Panel.

Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter Java Control Panel.
Click on the Java icon to open the Java Control Panel.
Delete Temporary Files through the Java Control Panel

In the Java Control Panel, under the General tab, click Settings under the Temporary Internet Files section.
The Temporary Files Settings dialog box appears.
Click Delete Files on the Temporary Files Settings dialog.
The Delete Files and Applications dialog box appears.

Click OK on the Delete Files and Applications dialog. This deletes all the Downloaded Applications and Applets from the cache.
Click OK on the Temporary Files Settings dialog. If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

NEXT
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

~~~~~~~~~~~~~~~~~~`

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):
• PEV.exe
• NirCmd.3XE
• PEV.3XE
• SED
• GREP
• any file that has the extension *.3XE

One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.

Juliet · May 13, 2014

Also let's do this

Reset Firefox to default settings
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

http://malwaretips.com/blogs/reset-internet-explorer-settings/
Reset Internet Explorer to its default settings

therunt · May 13, 2014

After ComboFix

I ran ComboFix and reset the browsers. Since then I haven't seen the problem, although I will test again in a couple days.

Thanks.

Juliet · May 13, 2014

Glad to hear that helped.

May I see the log ComboFix created?

How about c:\Combofix\combofix.txt <-- is it here?
C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

therunt · May 13, 2014

ComboFix log

ComboFix 14-05-13.01 - ross 13/05/2014 15:15:54.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.5997 [GMT -4:00]
Running from: c:\users\ross\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\restore
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\ross\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\ross\Documents\~WRL1918.tmp
c:\users\ross\g2mdlhlpx.exe
J:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-04-13 to 2014-05-13 )))))))))))))))))))))))))))))))
.
.
2014-05-13 19:21 . 2014-05-13 19:21 -------- d-----w- c:\users\rosstemp\AppData\Local\temp
2014-05-13 07:40 . 2014-05-13 07:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AFC4AFE-88C0-4996-9EBC-308672C611F7}\offreg.dll
2014-05-13 07:39 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AFC4AFE-88C0-4996-9EBC-308672C611F7}\mpengine.dll
2014-05-13 02:58 . 2012-05-04 23:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-05-13 02:58 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2014-05-08 16:03 . 2014-05-08 16:03 -------- d-----w- c:\program files (x86)\ESET
2014-05-08 02:41 . 2014-05-08 02:41 -------- d-----w- c:\windows\ERUNT
2014-05-08 02:35 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-08 02:35 . 2014-05-08 15:52 -------- d-----w- C:\AdwCleaner
2014-05-07 19:37 . 2014-05-09 17:38 -------- d-----w- C:\FRST
2014-05-07 02:16 . 2014-05-07 02:16 -------- d-----w- c:\program files (x86)\ERUNT
2014-05-06 17:32 . 2014-05-06 17:32 -------- d-----w- c:\users\ross\AppData\Local\ESET
2014-05-06 17:31 . 2014-05-06 17:31 -------- d-----w- c:\program files\ESET
2014-05-06 17:25 . 2014-05-06 17:25 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-05-04 16:07 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-04 16:07 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-04 16:07 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-04 16:06 . 2014-05-04 16:06 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-04 16:04 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-04 16:04 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-30 12:55 . 2014-05-13 18:05 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-30 12:52 . 2014-04-30 12:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-30 12:52 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-30 12:52 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 17:19 . 2014-04-29 17:19 -------- d-sh--w- c:\users\ross\AppData\Local\EmieUserList
2014-04-29 17:19 . 2014-04-29 17:19 -------- d-sh--w- c:\users\ross\AppData\Local\EmieSiteList
2014-04-19 15:52 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-19 15:52 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-17 15:10 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-17 15:09 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-17 15:09 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-17 14:18 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-04-17 14:18 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-04-17 14:18 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-04-17 14:18 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-17 14:18 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-17 14:18 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-04-17 14:18 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-17 14:18 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 02:07 . 2012-05-06 19:02 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 02:07 . 2011-05-21 00:48 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-19 15:53 . 2010-10-14 15:26 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-03 13:50 . 2012-09-03 13:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 13:35 . 2010-10-01 01:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 03:05 . 2014-03-26 03:05 608 --sha-w- c:\windows\system32\winzvprt5.sys
2014-03-04 09:17 . 2014-04-19 15:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-01-07 02:42 193896 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-01-07 02:45 193896 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\users\ross\AppData\Local\Citrix\GoToMeeting\1259\g2mstart.exe" [2014-02-13 40304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-11-10 5954016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2012-07-18 313248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gladinet Cloud Desktop.lnk - c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe [2011-1-6 87400]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2011-7-10 1268192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R1 aqIPD7;aqIPD7;c:\windows\system32\drivers\aqIPD7.sys;c:\windows\SYSNATIVE\drivers\aqIPD7.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 nuService;NetUpdate;c:\program files (x86)\KidMoses\NetUpdate\nuServ.exe;c:\program files (x86)\KidMoses\NetUpdate\nuServ.exe [x]
R2 SCM_Service;SCM_Service;c:\windows\SysWOW64\WinService.exe;c:\windows\SysWOW64\WinService.exe [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt61.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EnterpriseDBApachePHP;EnterpriseDB ApachePHP;c:\program files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe;c:\program files (x86)\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe [x]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBG_gds_db;InterBase 2009 Guardian gds_db ;c:\program files (x86)\CodeGear\Interbase\bin\ibguard.exe;c:\program files (x86)\CodeGear\Interbase\bin\ibguard.exe [x]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/data -w [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys;c:\windows\SYSNATIVE\DRIVERS\dfmirage.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IBS_gds_db;InterBase 2009 Server gds_db;c:\program files (x86)\CodeGear\Interbase\bin\ibserver.exe;c:\program files (x86)\CodeGear\Interbase\bin\ibserver.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 20455723
*Deregistered* - 20455723
*Deregistered* - MBAMWebAccessControl
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 02:07]
.
2014-05-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1066971186-801704174-1181733999-1002.job
- c:\users\ross\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-11 04:37]
.
2014-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 02:44]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 02:44]
.
2014-05-12 c:\windows\Tasks\next.job
- c:\programdata\Dimdim\Updater\next.exe [2010-11-11 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-01-07 02:43 191848 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-01-07 02:45 194920 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-11-10 403096]
"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
"HP LaserJet 200 color MFP M276 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2011-10-10 3706424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files (x86)\TurboTax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - c:\program files (x86)\TurboTax 2013\ic2013pp.dll
FF - ProfilePath - c:\users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\cldueye9.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PostgreSQL Data Wizard Agent - c:\program files (x86)\SQL Maestro Group\PostgreSQL Data Wizard\PgDataWizardA.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\ross\AppData\Local\Akamai\netsession_win.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-InstallAware 7 - c:\programdata\{352395E2-F49E-4AA6-9473-921A27B079EE}\myahe_bds.exe
AddRemove-NativeXmlEx_is1 - q:\delphitools\NativeXmlEx314\unins000.exe
AddRemove-Transit RF - c:\programdata\{D3B4E0F9-F818-458B-AB39-DB5B399A321F}\TransitRFSetup.exe
AddRemove-TXLSFile 4.0 Demo (Delphi 2011) - q:\delphitools\XLSFileUnReg\uninstall.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files (x86)\NOS\bin\getPlus_Helper_3004.dll
AddRemove-{AD0BF38F-C50B-4390-93A8-E971BB745D6D} - c:\users\ross\AppData\Local\{A6132C1B-A10E-4D03-AD3D-F385FE903548}\UserAdminSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-13 15:24:29
ComboFix-quarantined-files.txt 2014-05-13 19:24
.
Pre-Run: 15,798,001,664 bytes free
Post-Run: 15,620,366,336 bytes free
.
- - End Of File - - E15255C595C15A9729BD29F26D3D3510

therunt · May 13, 2014

QooBox

This is the contents of ComboFix-qurantined-files.txt

2014-05-13 19:23:31 . 2014-05-13 19:23:31 536 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{AD0BF38F-C50B-4390-93A8-E971BB745D6D}.reg.dat
2014-05-13 19:23:24 . 2014-05-13 19:23:24 225 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-.reg.dat
2014-05-13 19:23:24 . 2014-05-13 19:23:24 232 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24}.reg.dat
2014-05-13 19:23:23 . 2014-05-13 19:23:23 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2014-05-13 19:23:22 . 2014-05-13 19:23:22 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-05-13 19:23:15 . 2014-05-13 19:23:15 176 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Akamai NetSession Interface.reg.dat
2014-05-13 19:23:15 . 2014-05-13 19:23:15 199 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-PostgreSQL Data Wizard Agent.reg.dat
2014-05-13 19:23:14 . 2014-05-13 19:23:14 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2014-05-13 19:21:55 . 2014-05-13 19:21:55 335 ----a-w- C:\Qoobox\Quarantine\J\av1.zip
2014-05-13 19:21:55 . 2012-07-16 07:33:02 32 ----a-w- C:\Qoobox\Quarantine\J\Autorun.inf.vir
2014-05-13 19:19:41 . 2014-05-13 19:19:41 11,317 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-05-13 18:40:35 . 2014-05-13 19:14:47 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-10 13:52:40 . 2012-02-10 13:52:40 69 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\energy.dll.vir
2012-02-10 13:52:40 . 2012-02-10 13:52:40 11 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\PE.dll.vir
2012-02-10 13:52:40 . 2012-02-10 13:52:40 70 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\energy.drv.vir
2012-02-10 13:52:39 . 2012-02-10 13:52:39 58 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv.vir
2012-02-10 13:52:39 . 2012-02-10 13:52:39 80 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp.vir
2012-02-10 13:52:39 . 2012-02-10 13:52:40 2 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe.vir
2012-02-10 13:52:39 . 2012-02-10 13:52:39 46 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\eb.drv.vir
2012-02-10 13:52:39 . 2012-02-10 13:52:39 47 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\eb.sys.vir
2012-02-10 13:52:22 . 2012-02-10 13:52:40 24 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll.vir
2012-02-10 13:52:19 . 2012-02-10 13:52:39 16 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\pal.sys.vir
2012-02-10 13:52:19 . 2012-02-10 13:52:19 73 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys.vir
2012-02-10 13:52:19 . 2012-02-10 13:52:19 47 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\exec.exe.vir
2012-02-10 13:52:06 . 2012-02-10 13:52:06 35 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp.vir
2012-02-10 13:52:02 . 2012-02-10 13:52:19 48 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe.vir
2011-06-13 16:49:41 . 2011-06-13 16:49:41 15,808 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\Documents\~WRL1918.tmp.vir
2010-11-08 13:44:52 . 2013-04-24 23:57:38 60,864 ----a-w- C:\Qoobox\Quarantine\C\Users\ross\g2mdlhlpx.exe.vir

Juliet · May 13, 2014

Looks good. I think it was some type type of left over residue from the infection. Running ComboFix took out what remained.

Ready to uninstall and see preventive tips?

Unwanted hijacking of web pages

New member

Attachments

Security Expert-emeritus

New member

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

Security Expert-emeritus

New member

Security Expert-emeritus

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

Security Expert-emeritus