
Solved ICE/MoneyPak

Discussion in 'Malware and Virus Removal Archive' started by Whiskeyman, 2013/09/01.

  1. 2013/09/01
    Whiskeyman (Thread Starter)

    [Resolved] ICE/MoneyPak

    This PC is running Windows 7 Home Premium x64. It is infected with ICE/MoneyPak. I was able to boot into Safe Mode with Networking to download MBAM and DDS. There were three different anti-virus programs installed, all out of date. Here are the logs.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.01.04

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Tom :: TOM-PC [administrator]

    9/1/2013 2:00:14 PM
    mbam-log-2013-09-01 (14-00-14).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215554
    Time elapsed: 2 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by Tom at 14:03:17 on 2013-09-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1961.1365 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.dell.com
    uURLSearchHooks: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe "
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe "
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\USKQFL~1.LNK - C:\Windows\System32\rundll32.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: NameServer = 192.168.254.254
    TCP: Interfaces\{6DAFAD7D-58C0-4DB6-8834-F40222DFED0F} : DHCPNameServer = 192.168.254.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
    AppInit_DLLs= acaptuser32.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-28 55856]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-20 45856]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-28 539240]
    S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2011-11-23 110944]
    S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-11-23 70496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    S2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-3-21 86216]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-28 1692480]
    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    S2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-2-28 69392]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-28 317440]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-7 1255736]
    SUnknown Amsp;Amsp; [x]
    .
    =============== Created Last 30 ================
    .
    2013-09-01 17:51:30 -------- d-----w- C:\dd99654a88ba497a247713bc1a3c
    2013-09-01 17:46:39 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
    2013-09-01 17:26:00 -------- d-----w- C:\Program Files\CCleaner
    2013-09-01 16:37:12 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
    2013-09-01 16:37:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-09-01 16:37:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-09-01 16:37:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-01 16:36:46 -------- d-----w- C:\Users\Tom\AppData\Local\Programs
    2013-08-31 03:55:41 70 ----a-w- C:\ProgramData\uskqflxpfpqvlqhrubp.bat
    2013-08-31 03:55:41 165 ----a-w- C:\ProgramData\uskqflxpfpqvlqhrubp.reg
    .
    ==================== Find3M ====================
    .
    2013-08-15 01:00:16 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    .
    ============= FINISH: 14:03:46.46 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/6/2012 6:46:52 PM
    System Uptime: 9/1/2013 1:36:01 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0GDG8Y
    Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz | CPU 1 | 2693/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 169.314 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    ==== System Restore Points ===================
    .
    RP71: 4/18/2013 11:20:07 PM - Scheduled Checkpoint
    RP72: 5/3/2013 4:48:52 PM - Scheduled Checkpoint
    RP73: 5/13/2013 9:53:36 PM - Scheduled Checkpoint
    RP74: 5/21/2013 8:26:20 PM - Scheduled Checkpoint
    RP75: 6/10/2013 6:50:12 PM - Scheduled Checkpoint
    RP76: 6/18/2013 8:54:52 AM - Scheduled Checkpoint
    RP77: 6/20/2013 7:27:17 AM - Windows Update
    RP78: 6/28/2013 6:06:15 PM - Scheduled Checkpoint
    RP79: 7/16/2013 10:47:23 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Accidental Damage Services Agreement
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9 Pro Extended 64-bit Add-On
    Adobe Acrobat 9.2.0 - CPSID_50026
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin 64-bit
    Banctec Service Agreement
    BlueStacks (alpha)
    CCleaner
    Complete Care Business Service Agreement
    Conexant HD Audio
    Consumer In-Home Service Agreement
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Edoc Viewer
    Dell Home Systems Service Agreement
    Dell Support Center
    DirectX 9 Runtime
    DVD Shrink 3.2
    FileASSASSIN
    HP Deskjet 2050 J510 series Basic Device Software
    HP Deskjet 2050 J510 series Help
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 7 Update 1
    Java(TM) 7 Update 1 (64-bit)
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PC Matic 1.1.0.50
    PC Pitstop Info Center 1.0.0.16
    PhotoShowExpress
    PowerISO
    QualxServ Service Agreement
    RBVirtualFolder64Inst
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Sonic CinePlayer Decoder Pack
    SopCast 3.5.0
    Trend Micro Titanium Internet Security
    TVUPlayer 2.5.3.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 2.0.0
    WinRAR 4.10 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/1/2013 2:00:02 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/1/2013 12:33:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL SCDEmu spldr sptd tmtdi Wanarpv6
    9/1/2013 12:03:54 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2013 12:01:31 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
    9/1/2013 1:37:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    9/1/2013 1:37:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/1/2013 1:36:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/1/2013 1:36:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/1/2013 1:36:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/1/2013 1:36:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/1/2013 1:36:33 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    9/1/2013 1:36:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr sptd tmtdi Wanarpv6
    9/1/2013 1:36:04 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    9/1/2013 1:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/1/2013 1:19:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL SCDEmu spldr sptd tmtdi Wanarpv6
    .
    ==== End Of File ===========================
     
  2. 2013/09/01
    broni (Moderator, Malware Analyst)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
     

  4. 2013/09/01
    Whiskeyman (Thread Starter)

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013
    Ran by Tom (administrator) on TOM-PC on 01-09-2013 18:21:32
    Running from C:\Users\Tom\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) =================


    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
    HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
    HKCU\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [168288 2011-11-23] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-09] (Power Software Ltd)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38768 2009-10-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2009-10-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Info Center] - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)
    AppInit_DLLs: acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
    AppInit_DLLs-x32: acaptuser32.dll [111992 2009-02-27] (Adobe Systems, Inc.)
    Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uskqflxpfpqvlqhrubp.lnk
    ShortcutTarget: uskqflxpfpqvlqhrubp.lnk -> C:\Users\Tom\AppData\Local\Temp\pburhqlvqpfpxlfqksu.bfg (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    URLSearchHook: (No Name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {458A6C13-D018-49C9-9FBD-91725B62F098} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={0193716E-1C62-494F-BFD0-AEAF40362C60}&mid=e4c0aa2b59f447d1997c05f79f2735db-e70a5fe85e0a699e455db474a0aad12f1ddbd1d8&lang=en&ds=st011&pr=sa&d=2012-03-06 19:37:21&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - No File
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File

    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default
    FF Homepage: hxxp://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
    FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
    FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    ==================== Services (Whitelisted) =================

    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [110944 2011-11-23] (BlueStack Systems, Inc.)
    S2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86216 2012-11-15] (PC Pitstop LLC)

    ==================== Drivers (Whitelisted) ====================

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
    S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70496 2011-11-23] (BlueStack Systems)
    S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70496 2011-11-23] (BlueStack Systems)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-03-09] (Duplex Secure Ltd.)
    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-09-01 18:20 - 2013-09-01 18:19 - 01951926 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
    2013-09-01 18:19 - 2013-09-01 18:19 - 01951926 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
    2013-09-01 14:03 - 2013-09-01 14:04 - 00011060 _____ C:\Users\Tom\Desktop\dds.txt
    2013-09-01 14:03 - 2013-09-01 14:04 - 00011034 _____ C:\Users\Tom\Desktop\attach.txt
    2013-09-01 13:58 - 2013-09-01 13:52 - 00688992 ____R (Swearware) C:\Users\Tom\Desktop\dds.com
    2013-09-01 13:52 - 2013-09-01 13:52 - 00688992 _____ (Swearware) C:\Users\Tom\Downloads\dds.com
    2013-09-01 13:51 - 2013-09-01 13:51 - 00002243 _____ C:\Windows\epplauncher.mif
    2013-09-01 13:50 - 2013-09-01 13:51 - 13813944 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\mseinstall.exe
    2013-09-01 13:46 - 2013-09-01 13:46 - 00167105 _____ C:\Users\Tom\Downloads\fa-setup.exe
    2013-09-01 13:46 - 2013-09-01 13:46 - 00001065 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
    2013-09-01 13:46 - 2013-09-01 13:46 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
    2013-09-01 13:33 - 2013-09-01 13:33 - 00000074 _____ C:\Users\Tom\Desktop\Malware and Virus Removal - Windows BBS.URL
    2013-09-01 13:29 - 2013-09-01 13:43 - 00000000 ____D C:\Users\Tom\Documents\CCleaner Backup
    2013-09-01 13:26 - 2013-09-01 13:26 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-09-01 13:26 - 2013-09-01 13:26 - 00000000 ____D C:\Program Files\CCleaner
    2013-09-01 13:25 - 2013-09-01 13:25 - 04454952 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup405.exe
    2013-09-01 12:37 - 2013-09-01 12:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Malwarebytes
    2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-01 12:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-09-01 12:36 - 2013-09-01 12:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tom\Downloads\mbam-setup-1.75.0.1300.exe
    2013-09-01 12:15 - 2013-09-01 12:16 - 00002944 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Tom
    2013-09-01 12:15 - 2013-09-01 12:16 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Tom.job
    2013-09-01 12:15 - 2013-09-01 12:15 - 00003600 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Tom
    2013-09-01 12:15 - 2013-09-01 12:15 - 00002940 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Tom
    2013-09-01 12:15 - 2013-09-01 12:15 - 00002648 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Tom
    2013-09-01 12:15 - 2013-09-01 12:15 - 00000368 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Tom.job
    2013-09-01 12:15 - 2013-09-01 12:15 - 00000358 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Tom.job
    2013-08-30 23:55 - 2013-08-30 23:55 - 00000165 _____ C:\ProgramData\uskqflxpfpqvlqhrubp.reg
    2013-08-30 23:55 - 2013-08-30 23:55 - 00000070 _____ C:\ProgramData\uskqflxpfpqvlqhrubp.bat

    ==================== One Month Modified Files and Folders =======

    2013-09-01 18:20 - 2013-09-01 18:20 - 00000000 ____D C:\FRST
    2013-09-01 18:19 - 2013-09-01 18:20 - 01951926 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
    2013-09-01 18:19 - 2013-09-01 18:19 - 01951926 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
    2013-09-01 18:16 - 2012-03-09 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-09-01 14:04 - 2013-09-01 14:03 - 00011060 _____ C:\Users\Tom\Desktop\dds.txt
    2013-09-01 14:04 - 2013-09-01 14:03 - 00011034 _____ C:\Users\Tom\Desktop\attach.txt
    2013-09-01 13:52 - 2013-09-01 13:58 - 00688992 ____R (Swearware) C:\Users\Tom\Desktop\dds.com
    2013-09-01 13:52 - 2013-09-01 13:52 - 00688992 _____ (Swearware) C:\Users\Tom\Downloads\dds.com
    2013-09-01 13:51 - 2013-09-01 13:51 - 00002243 _____ C:\Windows\epplauncher.mif
    2013-09-01 13:51 - 2013-09-01 13:50 - 13813944 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\mseinstall.exe
    2013-09-01 13:46 - 2013-09-01 13:46 - 00167105 _____ C:\Users\Tom\Downloads\fa-setup.exe
    2013-09-01 13:46 - 2013-09-01 13:46 - 00001065 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
    2013-09-01 13:46 - 2013-09-01 13:46 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
    2013-09-01 13:43 - 2013-09-01 13:29 - 00000000 ____D C:\Users\Tom\Documents\CCleaner Backup
    2013-09-01 13:38 - 2012-02-28 04:18 - 00000000 ____D C:\Program Files\Trend Micro
    2013-09-01 13:33 - 2013-09-01 13:33 - 00000074 _____ C:\Users\Tom\Desktop\Malware and Virus Removal - Windows BBS.URL
    2013-09-01 13:28 - 2012-03-13 10:59 - 00000000 ____D C:\Windows\Minidump
    2013-09-01 13:28 - 2011-02-10 10:02 - 00000000 ____D C:\Windows\panther
    2013-09-01 13:26 - 2013-09-01 13:26 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-09-01 13:26 - 2013-09-01 13:26 - 00000000 ____D C:\Program Files\CCleaner
    2013-09-01 13:25 - 2013-09-01 13:25 - 04454952 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup405.exe
    2013-09-01 12:37 - 2013-09-01 12:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Malwarebytes
    2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-01 12:36 - 2013-09-01 12:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tom\Downloads\mbam-setup-1.75.0.1300.exe
    2013-09-01 12:32 - 2012-02-28 04:04 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2013-09-01 12:31 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-09-01 12:27 - 2012-02-28 04:20 - 00000000 ____D C:\ProgramData\Trend Micro
    2013-09-01 12:16 - 2013-09-01 12:15 - 00002944 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Tom
    2013-09-01 12:16 - 2013-09-01 12:15 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Tom.job
    2013-09-01 12:16 - 2012-02-28 04:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2013-09-01 12:16 - 2012-02-28 04:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2013-09-01 12:15 - 2013-09-01 12:15 - 00003600 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Tom
    2013-09-01 12:15 - 2013-09-01 12:15 - 00002940 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Tom
    2013-09-01 12:15 - 2013-09-01 12:15 - 00002648 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Tom
    2013-09-01 12:15 - 2013-09-01 12:15 - 00000368 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Tom.job
    2013-09-01 12:15 - 2013-09-01 12:15 - 00000358 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Tom.job
    2013-09-01 12:14 - 2012-03-08 11:58 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
    2013-09-01 12:09 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-09-01 12:09 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-09-01 12:02 - 2013-03-21 21:14 - 00000000 ____D C:\ProgramData\PCPitstop
    2013-09-01 12:00 - 2012-03-08 11:58 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2013-08-30 23:56 - 2012-03-08 11:58 - 00003524 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
    2013-08-30 23:56 - 2012-03-08 11:58 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
    2013-08-30 23:55 - 2013-08-30 23:55 - 00000165 _____ C:\ProgramData\uskqflxpfpqvlqhrubp.reg
    2013-08-30 23:55 - 2013-08-30 23:55 - 00000070 _____ C:\ProgramData\uskqflxpfpqvlqhrubp.bat
    2013-08-30 23:55 - 2012-03-06 19:49 - 00000000 ___RD C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-08-26 20:45 - 2012-03-08 11:58 - 00004260 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2013-08-14 21:00 - 2012-11-20 06:33 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

    Files to move or delete:
    ====================
    C:\ProgramData\uskqflxpfpqvlqhrubp.bat
    C:\ProgramData\uskqflxpfpqvlqhrubp.reg
    C:\Users\Tom\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Tom\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\CbsProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\CompatProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismCore.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismCorePS.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismHost.exe
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismProv.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DmiProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\FolderProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\IntlProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\LogProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\MsiProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\OSProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\SmiProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\TransmogProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\UnattendProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\wdscore.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\WimProvider.dll

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-07-15 22:33

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013
    Ran by Tom at 2013-09-01 18:22:07
    Running from C:\Users\Tom\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Installed Programs =======================


    Update for Microsoft Office 2007 (KB2508958) (x32)
    Accidental Damage Services Agreement (x32 Version: 2.0.0)
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.2.0)
    Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0)
    Adobe Acrobat 9.2.0 - CPSID_50026 (x32)
    Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
    Banctec Service Agreement (x32 Version: 2.0.0)
    be Flash Player 11 ActiveX 64-bit (Version: 11.1.102.63)
    BlueStacks (alpha) (x32 Version: 0.6.2.0563)
    CCleaner (Version: 4.05)
    Complete Care Business Service Agreement (x32 Version: 2.0.0)
    Conexant HD Audio (Version: 8.50.4.0)
    Consumer In-Home Service Agreement (x32 Version: 2.0.0)
    Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.61)
    Dell DataSafe Local Backup (x32 Version: 9.4.61)
    Dell DataSafe Online (x32 Version: 2.1.19634)
    Dell Digital Delivery (x32 Version: 1.7.4502.0)
    Dell Edoc Viewer (Version: 1.0.0)
    Dell Home Systems Service Agreement (x32 Version: 2.0.0)
    Dell Support Center (Version: 3.1.5907.23)
    DirectX 9 Runtime (x32 Version: 1.00.0000)
    DVD Shrink 3.2 (x32)
    FileASSASSIN (x32 Version: 1.06)
    HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
    HP Deskjet 2050 J510 series Help (x32 Version: 140.0.61.61)
    Intel(R) Processor Graphics (x32 Version: 8.15.10.2291)
    Java Auto Updater (x32 Version: 2.1.5.1)
    Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
    Java(TM) 7 Update 1 (x32 Version: 7.0.10)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32)
    Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
    Microsoft Silverlight (x32 Version: 4.1.10111.0)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
    Mozilla Firefox 12.0 (x86 en-US) (x32 Version: 12.0)
    Mozilla Maintenance Service (x32 Version: 12.0)
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
    PC Matic 1.1.0.50 (x32 Version: 1.1.0.50)
    PC Pitstop Info Center 1.0.0.16 (x32 Version: 1.0.0.16)
    PhotoShowExpress (x32 Version: 2.0.063)
    PowerISO (x32 Version: 5.0)
    QualxServ Service Agreement (x32 Version: 2.0.0)
    RBVirtualFolder64Inst (Version: 1.00.0000)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
    RealPlayer (x32 Version: 15.0.4)
    RealUpgrade 1.1 (x32 Version: 1.1.0)
    Roxio Activation Module (x32 Version: 1.0)
    Roxio BackOnTrack (x32 Version: 1.3.3)
    Roxio Burn (x32 Version: 1.8)
    Roxio Creator Starter (x32 Version: 1.0.439)
    Roxio Creator Starter (x32 Version: 12.1.77.0)
    Roxio Creator Starter (x32 Version: 5.0.0)
    Roxio Express Labeler 3 (x32 Version: 3.2.2)
    Roxio File Backup (Version: 1.3.2)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
    SopCast 3.5.0 (x32 Version: 3.5.0)
    Trend Micro Titanium Internet Security (Version: 3.00)
    TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1)
    Update for 2007 Microsoft Office System (KB967642) (x32)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition (x32)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
    Update for Microsoft Office Access 2007 Help (KB963663) (x32)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (x32)
    Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
    Update for Microsoft Office Script Editor Help (KB963671) (x32)
    Update for Microsoft Office Word 2007 Help (KB963665) (x32)
    VLC media player 2.0.0 (x32 Version: 2.0.0)
    WinRAR 4.10 (64-bit) (Version: 4.10.0)

    ==================== Restore Points =========================

    19-04-2013 03:20:07 Scheduled Checkpoint
    03-05-2013 20:48:52 Scheduled Checkpoint
    14-05-2013 01:53:36 Scheduled Checkpoint
    22-05-2013 00:26:20 Scheduled Checkpoint
    10-06-2013 22:50:12 Scheduled Checkpoint
    18-06-2013 12:54:52 Scheduled Checkpoint
    20-06-2013 11:27:17 Windows Update
    28-06-2013 22:06:15 Scheduled Checkpoint
    17-07-2013 02:47:23 Scheduled Checkpoint

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
    Task: {1F700B2B-3E48-45B9-951F-D19B73FBD5FA} - System32\Tasks\BlueStacks\LogRotator => C:\Program Files (x86)\BlueStacks\HD-LogRotator.exe [2011-11-23] (BlueStack Systems, Inc.)
    Task: {45693A77-47C3-4F8F-AA5B-65B746F827E4} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
    Task: {6FA22313-721F-44CE-B601-311811F0C0D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3675775833-1123371232-2004290866-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
    Task: {74C68C0F-FB3E-4698-9B24-8DAC244BB9DA} - System32\Tasks\ReclaimerUpdateXML_Tom => C:\Users\Tom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-01] (RealNetworks, Inc.)
    Task: {A5C2D816-8766-46EC-B726-B4A16C52BEF2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3675775833-1123371232-2004290866-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
    Task: {AB3AA404-0D03-4BF1-80C8-5D9D458E9BC6} - System32\Tasks\ReclaimerUpdateFiles_Tom => C:\Users\Tom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-01] (RealNetworks, Inc.)
    Task: {B0E0CBBF-775E-4C3C-9B02-D062A029F253} - System32\Tasks\RNUpgradeHelperLogonPrompt_Tom => C:\Users\Tom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-01] (RealNetworks, Inc.)
    Task: {BEE78449-9A52-47E9-88D7-59BBCD7F1C45} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.)
    Task: {C7FFBB33-DD44-493F-9385-8E7C8AB7F834} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe No File
    Task: {CC9D92E8-6D63-42D1-A6E8-91118083BEDD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
    Task: {D549E8F4-DE9E-4502-A34C-E7586C0F7E9B} - System32\Tasks\RNUpgradeHelperResumePrompt_Tom => C:\Users\Tom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-01] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
    Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Tom.job => ?
    Task: C:\Windows\Tasks\ReclaimerUpdateXML_Tom.job => ?
    Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Tom.job => ?
    Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-07-13 19:30 - 2009-07-13 21:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
    2009-07-13 20:29 - 2009-07-13 21:40 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\HelpPaneProxy.dll
    2010-11-20 23:24 - 2010-11-20 23:24 - 00238080 _____ (Microsoft Corporation) C:\Windows\System32\mstask.dll
    2012-02-14 18:57 - 2012-02-14 18:57 - 00386048 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
    2012-02-28 05:14 - 2012-02-14 18:56 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.DLL
    2012-02-14 18:56 - 2012-02-14 18:56 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
    2012-02-28 05:14 - 2012-02-14 18:57 - 00063488 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
    2012-02-14 18:56 - 2012-02-14 18:56 - 00430080 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
    2009-02-26 17:00 - 2009-02-26 17:00 - 00107904 _____ (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    2009-07-13 20:08 - 2009-07-13 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\NetworkItemFactory.dll
    2009-07-13 20:08 - 2009-07-13 21:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\dtsh.dll
    2009-07-13 20:08 - 2009-07-13 21:40 - 00748032 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
    2009-07-13 19:35 - 2009-07-13 21:40 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
    2009-07-13 20:08 - 2009-07-13 21:40 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\fdwcn.dll
    2009-07-13 20:08 - 2009-07-13 21:41 - 00120832 _____ (Microsoft Corporation) C:\Windows\System32\wcnapi.dll
    2009-07-13 19:35 - 2009-07-13 21:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll
    2009-07-13 19:53 - 2009-07-13 21:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dfscli.dll
    2012-08-21 21:57 - 2012-07-04 18:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
    2012-03-06 20:31 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll

    ==================== Alternate Data Streams (whitelisted) ==========



    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: sptd
    Description: sptd
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: sptd
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/01/2013 06:16:00 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/01/2013 01:54:18 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2013 01:54:18 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2013 01:53:56 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2013 01:53:55 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2013 01:51:35 PM) (Source: Microsoft Security Client Setup) (User: Tom-PC)
    Description: HRESULT:0x8004FF11
    Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

    Error: (09/01/2013 01:38:02 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/01/2013 01:30:21 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2013 01:30:21 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2013 01:24:31 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (09/01/2013 06:21:38 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:21:38 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:21:38 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:20:33 PM) (Source: DCOM) (User: )
    Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

    Error: (09/01/2013 06:20:33 PM) (Source: DCOM) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

    Error: (09/01/2013 06:16:38 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:16:38 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:16:38 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:14:46 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (09/01/2013 06:14:46 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 22%
    Total physical RAM: 1960.64 MB
    Available physical RAM: 1509.97 MB
    Total Pagefile: 3921.29 MB
    Available Pagefile: 3485.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (SYSTEM) (Fixed) (Total:221.25 GB) (Free:169.26 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 898522F2)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. 2013/09/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  6. 2013/09/02
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-09-2013
    Ran by Tom at 2013-09-02 05:07:01 Run:1
    Running from C:\Users\Tom\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
    HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
    HKLM-x32\...\Run: [] - [x]
    Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uskqflxpfpqvlqhrubp.lnk
    ShortcutTarget: uskqflxpfpqvlqhrubp.lnk -> C:\Users\Tom\AppData\Local\Temp\pburhqlvqpfpxlfqksu.bfg (No File)
    C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uskqflxpfpqvlqhrubp.lnk
    C:\Users\Tom\AppData\Local\Temp\pburhqlvqpfpxlfqksu.bfg
    URLSearchHook: (No Name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
    SearchScopes: HKCU - {458A6C13-D018-49C9-9FBD-91725B62F098} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010
    Toolbar: HKCU - No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - No File
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
    Hosts:
    C:\ProgramData\uskqflxpfpqvlqhrubp.bat
    C:\ProgramData\uskqflxpfpqvlqhrubp.reg
    C:\Users\Tom\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Tom\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\CbsProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\CompatProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismCore.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismCorePS.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismHost.exe
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismProv.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DmiProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\FolderProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\IntlProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\LogProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\MsiProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\OSProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\SmiProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\TransmogProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\UnattendProvider.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\wdscore.dll
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\WimProvider.dll
    Task: {C7FFBB33-DD44-493F-9385-8E7C8AB7F834} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe No File


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uskqflxpfpqvlqhrubp.lnk => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\pburhqlvqpfpxlfqksu.bfg not found.
    "C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uskqflxpfpqvlqhrubp.lnk" => File/Directory not found.
    "C:\Users\Tom\AppData\Local\Temp\pburhqlvqpfpxlfqksu.bfg" => File/Directory not found.
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} => Value deleted successfully.
    HKCR\CLSID\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{458A6C13-D018-49C9-9FBD-91725B62F098} => Key deleted successfully.
    HKCR\CLSID\{458A6C13-D018-49C9-9FBD-91725B62F098} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} => Value deleted successfully.
    HKCR\CLSID\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} => Key not found.
    HKCR\PROTOCOLS\Handler\tmbp => Key deleted successfully.
    HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
    HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
    HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\tmbp => Key not found.
    HKCR\Wow6432Node\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
    HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    Hosts was reset successfully.
    C:\ProgramData\uskqflxpfpqvlqhrubp.bat => Moved successfully.
    C:\ProgramData\uskqflxpfpqvlqhrubp.reg => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\CbsProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\CompatProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismCore.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismCorePS.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismHost.exe => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DismProv.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\DmiProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\FolderProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\IntlProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\LogProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\MsiProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\OSProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\SmiProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\TransmogProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\UnattendProvider.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\wdscore.dll => Moved successfully.
    C:\Users\Tom\AppData\Local\Temp\2D8FEBD6-0AB9-4A4C-9941-700A75963F1F\WimProvider.dll => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7FFBB33-DD44-493F-9385-8E7C8AB7F834} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7FFBB33-DD44-493F-9385-8E7C8AB7F834} => Key deleted successfully.
    C:\Windows\System32\Tasks\JavaUpdateSched => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JavaUpdateSched => Key deleted successfully.

    ==== End of Fixlog ====
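    As an added example (not from the thread, and not part of FRST or RogueKiller), a read-only PowerShell triage that inspects the same persistence points the Fixlog above shows being removed: Startup-folder shortcuts with a missing or temp-folder target, the Explorer NoActiveDesktop policy values, the HideDesktopIcons\NewStartPanel entries RogueKiller later flagged, and hosts entries beyond the defaults. The key paths and the temp-path pattern are assumptions taken from the logs in this thread; the script changes nothing and only reports.

```powershell
# Added example (not from the thread, FRST or RogueKiller): read-only triage of the
# persistence points the Fixlog above shows being removed. Run from an elevated prompt.
# Assumed: key paths and the temp-path pattern are taken from the logs in this thread.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail })
}

# 1. Startup-folder shortcuts whose target is missing or lives under a temp/ProgramData
#    path (the uskqflxpfpqvlqhrubp.lnk -> AppData\Local\Temp\...bfg pattern in the fixlist).
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if ([string]::IsNullOrWhiteSpace($target)) {
            Add-Finding 'StartupShortcut' $lnk.FullName 'shortcut has no target'
        } elseif (-not (Test-Path -LiteralPath $target)) {
            Add-Finding 'StartupShortcut' $lnk.FullName "target missing: $target"
        } elseif ($target -match '\\AppData\\Local\\Temp\\|\\ProgramData\\') {
            Add-Finding 'StartupShortcut' $lnk.FullName "target in temp/ProgramData: $target"
        }
    }
}

# 2. Explorer policy values the lock screen set to blank the desktop
#    (NoActiveDesktop / NoActiveDesktopChanges = 1 in the fixlist).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($name in 'NoActiveDesktop', 'NoActiveDesktopChanges') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) { Add-Finding 'ExplorerPolicy' "$policyKey\$name" "value: $value" }
}

# 3. Desktop icons hidden through HideDesktopIcons\NewStartPanel, the RogueKiller
#    [HJ DESK] hits (checked under both HKLM, as RogueKiller reported, and HKCU).
foreach ($hive in 'HKLM', 'HKCU') {
    $hideKey = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel"
    if (-not (Test-Path -Path $hideKey)) { continue }
    foreach ($p in (Get-ItemProperty -Path $hideKey).PSObject.Properties) {
        if ($p.Name -like '{*}' -and $p.Value -eq 1) { Add-Finding 'HiddenDesktopIcon' "$hideKey\$($p.Name)" 'hidden (1)' }
    }
}

# 4. hosts entries beyond comments and the localhost defaults (the fixlist reset the hosts file).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*(#|$)') { continue }                       # comment or blank line
    if ($line -match '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') { continue }
    Add-Finding 'HostsEntry' $hostsPath $line.Trim()
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize -Wrap }
```

    A clean machine prints "No findings."; each reported row is a lead to compare against the Fixlog entries above, not an automatic verdict.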
     
  7. 2013/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Any problem with running computer in normal mode now?

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  8. 2013/09/02
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    The PC is running fine in normal mode. MBAR found no issues and no cleanup was necessary. Here are the RogueKiller logs. I am headed to dialysis and will not be back online until 9 PM EDT.

    RogueKiller V8.6.8 _x64_ [Sep 2 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Tom [Admin rights]
    Mode : Scan -- Date : 09/02/2013 12:43:34
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3250312AS ATA Device +++++
    --- User ---
    [MBR] c36464c1da9024b0ee8dffd3aa2cbc88
    [BSP] daa0ab17fe21c2ebe596cc79dbd7bfc8 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11868 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24387584 | Size: 226564 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_09022013_124334.txt >>


    RogueKiller V8.6.8 _x64_ [Sep 2 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Tom [Admin rights]
    Mode : Remove -- Date : 09/02/2013 12:44:46
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3250312AS ATA Device +++++
    --- User ---
    [MBR] c36464c1da9024b0ee8dffd3aa2cbc88
    [BSP] daa0ab17fe21c2ebe596cc79dbd7bfc8 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11868 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24387584 | Size: 226564 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_09022013_124446.txt >>
    RKreport[0]_S_09022013_124334.txt
     
  9. 2013/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. 2013/09/02
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    Here are the ComboFix and rKill logs.

    ComboFix 13-09-02.02 - Tom 09/02/2013 21:20:23.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1961.1045 [GMT -4:00]
    Running from: c:\users\Tom\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-03 01:24 . 2013-09-03 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-02 16:53 . 2013-09-02 17:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-09-01 22:20 . 2013-09-01 22:20 -------- d-----w- C:\FRST
    2013-09-01 17:46 . 2013-09-01 17:46 -------- d-----w- c:\program files (x86)\FileASSASSIN
    2013-09-01 17:26 . 2013-09-01 17:26 -------- d-----w- c:\program files\CCleaner
    2013-09-01 16:37 . 2013-09-01 16:37 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes
    2013-09-01 16:37 . 2013-09-01 16:37 -------- d-----w- c:\programdata\Malwarebytes
    2013-09-01 16:37 . 2013-09-01 16:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-09-01 16:37 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-09-01 16:36 . 2013-09-01 16:36 -------- d-----w- c:\users\Tom\AppData\Local\Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-15 01:00 . 2012-11-20 10:33 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BlueStacks Agent "= "c:\program files (x86)\BlueStacks\HD-Agent.exe" [2011-11-23 168288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell DataSafe Online "= "c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RoxWatchTray "= "c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool "= "c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "PWRISOVM.EXE "= "c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
    "GrooveMonitor "= "c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe Acrobat Speed Launcher "= "c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
    "Acrobat Assistant 8.0 "= "c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "TkBellExe "= "c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-03 296056]
    "Info Center "= "c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2012-09-01 27328]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs "=1 (0x1)
    .
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
    .
    2013-09-03 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.254.254
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-02 21:25:33
    ComboFix-quarantined-files.txt 2013-09-03 01:25
    .
    Pre-Run: 181,616,001,024 bytes free
    Post-Run: 182,433,071,104 bytes free
    .
    - - End Of File - - DD9AAF55936817828B276EE1500DB35D
    5C616939100B85E558DA92B899A0FC36


    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/02/2013 09:37:02 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 09/02/2013 09:38:04 PM
    Execution time: 0 hours(s), 1 minute(s), and 2 seconds(s)
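    A check a reader can run on a machine in this state, added here as an example (it is not part of the thread and not Rkill's own code): it audits the services and drivers the Rkill report above lists as "not Running", compares their start mode with the values Rkill set, and reads the DisableAntiSpyware value it flagged. Run it from an elevated PowerShell prompt in a normal boot; in Safe Mode most of these networking services are stopped by design, which is why Rkill, run in Safe Mode, reported them that way. The table of expected start modes is this example's assumption, taken from the "Startup Type set to" lines in the report; WinDefend is left out because Microsoft Security Essentials, which the thread goes on to install, replaces it on Windows 7.

```powershell
# Added example, not from the thread or from Rkill: audit the items Rkill
# reported as "not Running" and the Windows Defender registry value it flagged.
# Run from an elevated PowerShell prompt in a normal boot (not Safe Mode).
# Uses WMI rather than Get-Service.StartType so it also works on the
# PowerShell 2.0 that shipped with Windows 7.

# Expected start modes (assumed from the "Startup Type set to" lines in the
# Rkill report). WMI reports "Auto" for both Automatic and Automatic (Delayed Start).
$expected = @{
    'BFE'         = @('Win32_Service',      'Auto')   # Base Filtering Engine
    'Dhcp'        = @('Win32_Service',      'Auto')   # DHCP Client
    'Dnscache'    = @('Win32_Service',      'Auto')   # DNS Client
    'EventSystem' = @('Win32_Service',      'Auto')   # COM+ Event System
    'MpsSvc'      = @('Win32_Service',      'Auto')   # Windows Firewall
    'Netman'      = @('Win32_Service',      'Manual') # Network Connections
    'nsi'         = @('Win32_Service',      'Auto')   # Network Store Interface Service
    'wscsvc'      = @('Win32_Service',      'Auto')   # Security Center
    'wuauserv'    = @('Win32_Service',      'Auto')   # Windows Update
    'AFD'         = @('Win32_SystemDriver', 'System') # Ancillary Function Driver for Winsock
    'mpsdrv'      = @('Win32_SystemDriver', 'Manual') # Windows Firewall Authorization Driver
    'NetBT'       = @('Win32_SystemDriver', 'System')
    'nsiproxy'    = @('Win32_SystemDriver', 'System') # NSI proxy service driver
    'tdx'         = @('Win32_SystemDriver', 'System') # NetIO Legacy TDI Support Driver
}

$findings = foreach ($name in $expected.Keys) {
    $class, $want = $expected[$name]
    $obj = Get-WmiObject -Class $class -Filter "Name='$name'"
    $issues = @()
    if ($null -eq $obj) {
        $issues += 'not present on this system'
    } else {
        if ($obj.StartMode -ne $want) {
            $issues += "start mode is $($obj.StartMode), expected $want"
        }
        # A Manual item being stopped is normal; Auto/System items should be running.
        if ($want -ne 'Manual' -and $obj.State -ne 'Running') {
            $issues += "state is $($obj.State)"
        }
    }
    if ($issues.Count -gt 0) {
        New-Object PSObject -Property @{ Name = $name; Issue = ($issues -join '; ') }
    }
}

# The value Rkill flagged: DisableAntiSpyware = 1 turns Windows Defender off.
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$props  = Get-ItemProperty -Path $defKey -ErrorAction SilentlyContinue
if ($props -and $props.DisableAntiSpyware -eq 1) {
    Write-Warning "$defKey\DisableAntiSpyware = 1 (Windows Defender disabled, as in the Rkill report)"
}

if ($findings) {
    $findings | Format-Table Name, Issue -AutoSize
} else {
    Write-Host 'All audited services and drivers match the expected start mode and state.'
}
```

    Anything the table reports can be put back the way Rkill did it, with Set-Service -StartupType Automatic (or Manual) followed by Start-Service. Note that on Windows 7 installing Microsoft Security Essentials itself sets DisableAntiSpyware to 1, because MSE takes over from the built-in Defender, so once MSE is in place that value alone is not evidence of tampering.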
     
  11. 2013/09/02
    broni Moderator Malware Analyst
    Looks good.

    What's the story with your AV program?
    DDS log shows Avast running and some items from TrendMicro.
    Now I see nothing.
     
  12. 2013/09/03
    Whiskeyman Inactive Alumni Thread Starter
    The AV programs were outdated so I disabled and removed them. I downloaded MSE, but had to wait until I could boot into the normal desktop before installation. Now that this PC is clean I can install MSE plus all updates. I need to secure this PC so his wife and kids can't mess it up again.

    I have updated both IE and Firefox plus downloaded and installed all Windows updates. All outdated and insecure programs have been updated. All that's left is to clear the cache and older restore points.
     
    Last edited: 2013/09/03
  13. 2013/09/03
    broni Moderator Malware Analyst
    Install MSE now.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2013/09/04
    Whiskeyman Inactive Alumni Thread Starter
    I have several medical appointments for the rest of the week. It will probably be Sunday before I can get back out to Tom's place to run those scans.
     
  15. 2013/09/04
    broni Moderator Malware Analyst
    Thanks for letting me know :)
     
  16. 2013/09/09
    broni Moderator Malware Analyst
    Still with me?
     
  17. 2013/09/12
    Whiskeyman Inactive Alumni Thread Starter
    He is going to bring the tower to me as soon as he gets a chance. In fact he is my postman and I am waiting for him to drop my mail off. I will ask him today if he can get the tower to me by Saturday.
     
  18. 2013/09/12
    broni Moderator Malware Analyst
     
  19. 2013/09/14
    Whiskeyman Inactive Alumni Thread Starter
    # AdwCleaner v3.003 - Report created 14/09/2013 at 15:56:34
    # Updated 07/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Tom - TOM-PC
    # Running from : C:\Users\Tom\Desktop\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found C:\Program Files (x86)\Conduit
    Folder Found C:\Users\Tom\AppData\Local\Conduit
    Folder Found C:\Users\Tom\AppData\LocalLow\Conduit
    Folder Found C:\Users\Tom\AppData\LocalLow\PriceGong

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://isearch.avg.com/tab?cid={0193716E-1C62-494F-BFD0-AEAF40362C60}&mid=e4c0aa2b59f447d1997c05f79f2735db-e70a5fe85e0a699e455db474a0aad12f1ddbd1d8&lang=en&ds=st011&pr=sa&d=2012-03-06 19:37:21&v=9.0.0.23&sap=nt

    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2135 octets] - [14/09/2013 15:56:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2195 octets] ##########


    # AdwCleaner v3.003 - Report created 14/09/2013 at 15:57:41
    # Updated 07/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Tom - TOM-PC
    # Running from : C:\Users\Tom\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Users\Tom\AppData\Local\Conduit
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\PriceGong

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKLM\Software\Conduit

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2275 octets] - [14/09/2013 15:56:34]
    AdwCleaner[S0].txt - [2030 octets] - [14/09/2013 15:57:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2090 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.0 (09.12.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Tom on Sat 09/14/2013 at 16:03:39.27
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\2i5mgpxs.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 09/14/2013 at 16:08:50.05
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. 2013/09/14
    Whiskeyman Inactive Alumni Thread Starter
    OTL logfile created on: 9/14/2013 4:18:57 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.91 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 60.77% Memory free
    3.83 Gb Paging File | 2.87 Gb Available in Paging File | 74.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 221.25 Gb Total Space | 184.04 Gb Free Space | 83.18% Space Free | Partition Type: NTFS

    Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/14 15:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
    PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2011/11/23 00:45:54 | 000,168,288 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    PRC - [2011/09/22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/09/22 12:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/09/22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/09/21 12:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/09/13 22:26:11 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll
    MOD - [2013/09/13 22:25:54 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5126089292f3f953c53f7f7defc0a79f\System.ServiceModel.Web.ni.dll
    MOD - [2013/09/13 22:25:15 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c7e65a2dfe8622af6e256cb4a7a3352e\System.IdentityModel.ni.dll
    MOD - [2013/09/13 22:25:14 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c0593e0b0fafb24a15548809f246d9e0\System.ServiceModel.ni.dll
    MOD - [2013/09/13 22:21:06 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
    MOD - [2013/09/03 08:57:49 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
    MOD - [2013/09/03 08:57:48 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
    MOD - [2013/09/03 08:57:47 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\245d1e603b9f9a15d8934c4f1bbe55ee\System.Xml.Linq.ni.dll
    MOD - [2013/09/03 08:57:44 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
    MOD - [2013/09/03 08:57:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
    MOD - [2013/09/03 08:57:19 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
    MOD - [2013/09/03 08:57:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
    MOD - [2013/09/03 08:57:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/09/03 08:57:01 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
    MOD - [2013/09/03 08:56:52 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
    MOD - [2013/09/03 08:56:47 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/09/03 08:56:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/09/03 08:56:44 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
    MOD - [2013/09/03 08:56:36 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2013/07/21 18:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2013/07/21 18:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2013/07/02 19:09:05 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    MOD - [2013/04/23 18:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2013/02/13 02:04:31 | 000,262,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    MOD - [2012/12/12 01:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/10/05 06:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2011/09/22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/20 23:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2009/06/10 17:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/09/14 15:51:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/02 21:03:32 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/06 21:40:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/02/14 19:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2011/11/23 00:45:12 | 000,110,944 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
    SRV - [2011/10/26 10:58:10 | 000,162,816 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
    SRV - [2011/09/22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/09 12:40:33 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/28 05:33:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/02/28 05:33:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/02/14 19:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/21 04:01:04 | 000,144,656 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
    DRV:64bit: - [2011/05/21 04:01:04 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2011/05/21 04:01:04 | 000,090,896 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
    DRV:64bit: - [2011/05/21 04:01:04 | 000,069,392 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV:64bit: - [2011/03/10 19:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/11/23 00:46:36 | 000,070,496 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\..\SearchScopes\{86D7C235-655B-441F-BA25-876A6EB63DC8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\..\SearchScopes\{BC7BCC38-704A-4D77-B40C-726C995AA8AE}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/03/12 14:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
    [2013/09/03 10:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default\extensions
    [2013/09/03 10:20:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2i5mgpxs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/09/02 21:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/09/02 21:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/09/02 21:03:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2013/09/02 05:07:01 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3675775833-1123371232-2004290866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DAFAD7D-58C0-4DB6-8834-F40222DFED0F}: DhcpNameServer = 192.168.254.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  21. 2013/09/14
    Whiskeyman
    OTL Extras logfile created on: 9/14/2013 4:18:57 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.91 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 60.77% Memory free
    3.83 Gb Paging File | 2.87 Gb Available in Paging File | 74.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 221.25 Gb Total Space | 184.04 Gb Free Space | 83.18% Space Free | Partition Type: NTFS

    Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3675775833-1123371232-2004290866-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B8DC85D-B533-45CF-A7DD-2792291F8F25}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{204EF197-CEAF-4F28-AD6B-44127D4F5DDD}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{216E6A98-5D1D-4FED-B86E-E221B2991FC2}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2C1A93AC-9FEC-4E2B-B3C9-8C711CBC1B25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{37D8AA3C-988D-4C34-9547-0A4BFA478D81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{38812394-FD7D-4A84-A130-4505D21258CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3A675EFD-A5BD-4202-B45F-78DAC4CEAC6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3C35A10A-BB7B-4293-95DC-DB00D3B0BB00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3F9E2C25-27E9-41D8-BD17-111C15562375}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4189E42D-B22F-4F4D-94D0-C6B15EE5B4D5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{41EB1B1D-EE30-4A9C-B212-40B574CEAFA3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{421ABE33-39FB-46CA-BFC0-1DEE7167B48A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{545DB361-B8C9-4F3E-8E73-9CBCB25D6378}" = lport=138 | protocol=17 | dir=in | app=system |
    "{663F6AF7-CAFB-49CB-90AF-AF2ABDD02347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6BCE63DA-955E-443E-837D-96656D6F55AC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7162DA04-268B-427F-A786-FA5A100E8552}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{735560E1-BD7C-463E-8698-2A55FC356D9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{76AE3308-D1E2-48A0-9054-83402FF5E52D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8A7C2994-FEA8-4DF1-A94C-9D1A7545747E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{932C061C-C1F2-42F1-81A0-28F60293A99F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9CF2D256-663C-4177-99E9-A29947E87334}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9EDBF546-F121-4E9E-97F2-EC7426BAF6BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A3260967-4C67-45F0-8FD7-803EFEBD785C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B4610EC8-390B-4B64-B122-20F0BF681D0D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B498E4C9-950D-4C84-AC00-E52ECB13171D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B61E5E8A-CE0D-4305-B277-8D83CE69C8E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BC7247AB-76D1-427E-AFE1-3EF4390CA1E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BD6C3B0A-A56C-41FA-9EBD-F5692F2475A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D4AD88DE-FB55-4743-BA04-753492CD6AC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D5FFD4C7-EFAC-4A92-BD83-944531F7CB89}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E1E42701-974E-448E-AEF5-FBD02E4A2059}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FD94BE42-1902-4C47-BDE9-CDE17323E2DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02C67817-76E4-451E-9FA0-D1E9860153BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{10A2D25D-C60A-4789-88CF-3B8B0A20CC39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{25535824-6088-4B16-B5A1-EFDA82DE660F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{2F3CCBF5-8D65-4283-9544-482CB2B89D69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3D0693DA-01C8-43C1-A305-C4B941404272}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3DD225A4-AC67-4DC2-B974-0E62565E90AE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
    "{3E1B6BB0-EFA8-4BD9-8DF5-915D6E67D45F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3EDF4663-5C09-48D5-9F58-21BD6DA1B060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4570EE90-792C-49EE-8C4A-48C710B3922F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{5342526E-5BBD-4CD5-9D7C-C574AE5BA682}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5E18267C-CF18-46FE-934F-91061D69B5F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{66CA7C9F-7100-4738-BC71-4979D711620B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{712506FD-D84B-4A77-BEEE-9CECDBDA98CA}" = protocol=6 | dir=out | app=system |
    "{77DBF523-6683-47B6-A281-34449BD17EC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{842BDE08-1E2C-4877-8772-7D6727FBB5E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{85C9C8F3-91BD-4D19-8748-44771C106568}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{88105F52-1B76-4545-9F59-1202B694E82B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9C47D537-7C2B-4144-9A01-85D2FF0EC844}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A487C971-C49C-4A3F-9B3E-9F91B0DD9E7A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B551F31D-C7EB-4FAB-A7A2-6C239939FE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C465BB42-310E-4F61-BCF1-AEEE42D74DCB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
    "{C7183F41-4636-4E6D-AC11-0974668C7E7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D5A711F6-F3D3-4FDF-9E04-67F2BD07BE7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D8EECADE-1298-4C7A-88F1-A7DBCF7676B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{DA1A5ABB-B253-4B34-8FCC-8ECA003B0510}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E58D89FF-E9E9-48BA-B9EE-A65E10D28258}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
    "{373B90E1-A28C-434C-92B6-7281AFA6115A}" = WOT for Internet Explorer
    "{3DB84568-DD0E-401F-BC21-CE24720A0C5B}" = Microsoft Security Client
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A2B4973B-1ECD-45D0-B010-156DB8DFD201}" = BlueStacks (alpha)
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FileASSASSIN" = FileASSASSIN
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "VLC media player" = VLC media player 2.0.8

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3675775833-1123371232-2004290866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    < End of report >