
Solved Computer acting "strangely"

Discussion in 'Malware and Virus Removal Archive' started by frayedknotarts, 2015/02/07.

  1. 2015/02/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter


    WinPatrol came up suddenly with an unknown startup addition showing no company or program name: 1423336500. Searching for that (File Locator Lite) causes the locator program to freeze with the GIF "working" circle running until manually shut down.

    SUPERAntiSpyware has been hanging up on daily scan and not completing on this computer. Other programs either will not start from their .exe files or show the .exe files are not findable by Win7.

    All other computers are running fine and having no problems starting or finding their .exe's.

    Specs:
    Win7 PRO 64, Toshiba laptop, Comcast cable, 8GB RAM, 750GB drive. MBAM run after a new download (old .exe was undiscoverable) and Windows Essentials run with latest updates.

    Confused.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/7/2015
    Scan Time: 9:47:00 AM
    Logfile: mbam020715.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.07.05
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: frayedknots

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 359234
    Time Elapsed: 36 min, 31 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ........................................

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.51.2
    Run by frayedknots at 10:34:36 on 2015-02-07
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5933 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\CISVC.EXE
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    C:\Program Files (x86)\PDF Architect\HelperService.exe
    C:\Program Files (x86)\PDF Architect\ConversionService.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
    C:\Program Files (x86)\Autorun Eater\billy.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\windows\Explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uProxyOverride = <local>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe "
    mRun: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    StartupFolder: C:\Users\FRAYED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTK~1.LNK - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{06FD2D28-E00E-4631-A4D8-67498282C9EE} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{389DBE9A-DB59-42CF-BF3C-67CAD0A15F46} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{389DBE9A-DB59-42CF-BF3C-67CAD0A15F46}\25F6375605564716C637 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{389DBE9A-DB59-42CF-BF3C-67CAD0A15F46}\3507563602F40737 : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Users\frayedknots\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-6-22 56336]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
    R1 DVDHelp;DVD Video Region CSS free Filter Driver;C:\windows\System32\drivers\DVDHelp.sys [2012-10-13 28696]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 172344]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-8-3 126392]
    R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
    R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
    R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-2 1042808]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-12-2 296312]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-8-3 9216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-8-3 38096]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-8-3 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe --> C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 GSVDRIVE;GSVDRIVE Driver;C:\windows\System32\drivers\GSVDRIVE.sys [2012-10-13 28568]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-24 114688]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-28 19456]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2012-6-2 1095824]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-8-3 243712]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-8-3 1109096]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-31 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-28 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-5 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2015-02-07 13:15:16 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6ABD56D-D5D1-44F8-8551-F9396E8E7B86}\mpengine.dll
    2015-02-07 13:14:36 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{925C6EA4-7579-5366-4594-A1ED2CE30414}\GapaEngine.dll
    2015-02-07 13:12:01 -------- dcsh--w- C:\$RECYCLE.BIN
    2015-02-07 13:08:06 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6224E59-5ED3-DC64-ED95-85881867794D}\GapaEngine.dll
    2015-02-07 13:07:36 -------- dcs---w- C:\ComboFix
    2015-02-05 23:42:04 210432 ----a-w- C:\windows\System32\profsvc.dll
    2015-02-05 23:42:03 303616 ----a-w- C:\windows\System32\nlasvc.dll
    2015-02-05 23:42:03 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
    2015-02-05 23:42:02 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
    2015-02-05 23:41:57 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
    2015-02-05 23:41:57 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2015-02-05 23:41:56 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2015-02-05 23:41:54 503808 ----a-w- C:\windows\System32\srcore.dll
    2015-02-05 23:41:54 296960 ----a-w- C:\windows\System32\rstrui.exe
    2015-02-05 23:41:43 50176 ----a-w- C:\windows\System32\srclient.dll
    2015-02-05 23:41:43 43008 ----a-w- C:\windows\SysWow64\srclient.dll
    2015-02-05 23:41:35 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
    2015-02-05 23:41:25 87040 ----a-w- C:\windows\System32\TSWbPrxy.exe
    2015-02-05 18:19:10 -------- d-----w- C:\Users\frayedknots\AppData\Local\Noteworthy Software
    2015-02-05 18:19:08 -------- d-----w- C:\Program Files (x86)\Noteworthy Software
    2015-02-05 00:04:22 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-04 21:50:17 5070512 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2015-02-03 15:02:27 -------- d-----w- C:\Program Files\Free Editor
    2015-02-03 15:00:13 -------- d-----w- C:\Users\frayedknots\AppData\Roaming\Blue Labs, LLC
    2015-02-03 14:46:59 -------- d-----w- C:\Program Files (x86)\NCH Software
    2015-01-25 15:08:22 98816 ----a-w- C:\windows\sed.exe
    2015-01-25 15:08:22 256000 ----a-w- C:\windows\PEV.exe
    2015-01-25 15:08:22 208896 ----a-w- C:\windows\MBR.exe
    2015-01-22 19:20:31 -------- d-----w- C:\Users\frayedknots\AppData\Local\Help
    2015-01-22 19:19:10 9216 ----a-w- C:\windows\SysWow64\ftlx0411.dll
    2015-01-22 19:19:10 9216 ----a-w- C:\windows\System32\ftlx0411.dll
    2015-01-22 19:19:10 296960 ----a-w- C:\windows\winhlp32.exe
    2015-01-22 19:19:10 195072 ----a-w- C:\windows\SysWow64\ftsrch.dll
    2015-01-22 19:19:10 195072 ----a-w- C:\windows\System32\ftsrch.dll
    2015-01-22 19:19:10 10240 ----a-w- C:\windows\SysWow64\ftlx041e.dll
    2015-01-22 19:19:10 10240 ----a-w- C:\windows\System32\ftlx041e.dll
    2015-01-22 17:08:24 -------- d-----w- C:\Program Files (x86)\abc2nwc
    2015-01-22 17:08:05 286720 ------w- C:\windows\Setup1.exe
    2015-01-22 17:08:04 73216 ----a-w- C:\windows\ST6UNST.EXE
    2015-01-22 07:30:14 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12BC9B43-A6B9-40AF-9A7E-F2C4E14FAED3}\gapaengine.dll
    2015-01-21 20:36:03 -------- d-----w- C:\Users\frayedknots\AppData\Local\EasyABC
    2015-01-21 20:35:54 -------- d-----w- C:\Program Files (x86)\EasyABC
    2015-01-17 17:10:23 -------- d-----w- C:\Program Files\VuePrint
    2015-01-10 21:21:20 -------- d-----r- C:\Users\frayedknots\Dropbox
    2015-01-10 21:17:18 -------- d-----w- C:\Users\frayedknots\AppData\Roaming\Dropbox
    2015-01-08 20:29:41 -------- d-----w- C:\Program Files\Western Digital
    .
    ==================== Find3M ====================
    .
    2015-02-07 14:25:22 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-04 22:50:26 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-04 22:50:26 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2015-01-04 21:38:10 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
    2014-12-31 11:14:31 298120 ------w- C:\windows\System32\MpSigStub.exe
    2014-12-13 05:09:01 144384 ----a-w- C:\windows\System32\ieUnatt.exe
    2014-12-13 03:33:44 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-11-21 11:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
    2014-11-21 11:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2014-11-21 11:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
    .
    ============= FINISH: 10:35:24.52 ===============

    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Users\frayedknots\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-6-22 56336]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
    R1 DVDHelp;DVD Video Region CSS free Filter Driver;C:\windows\System32\drivers\DVDHelp.sys [2012-10-13 28696]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 172344]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-8-3 126392]
    R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
    R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
    R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-2 1042808]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-12-2 296312]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-8-3 9216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-8-3 38096]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-8-3 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe --> C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 GSVDRIVE;GSVDRIVE Driver;C:\windows\System32\drivers\GSVDRIVE.sys [2012-10-13 28568]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-24 114688]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-28 19456]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2012-6-2 1095824]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-8-3 243712]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-8-3 1109096]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-31 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-28 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-5 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2015-02-07 13:15:16 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6ABD56D-D5D1-44F8-8551-F9396E8E7B86}\mpengine.dll
    2015-02-07 13:14:36 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{925C6EA4-7579-5366-4594-A1ED2CE30414}\GapaEngine.dll
    2015-02-07 13:12:01 -------- dcsh--w- C:\$RECYCLE.BIN
    2015-02-07 13:08:06 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6224E59-5ED3-DC64-ED95-85881867794D}\GapaEngine.dll
    2015-02-07 13:07:36 -------- dcs---w- C:\ComboFix
    2015-02-05 23:42:04 210432 ----a-w- C:\windows\System32\profsvc.dll
    2015-02-05 23:42:03 303616 ----a-w- C:\windows\System32\nlasvc.dll
    2015-02-05 23:42:03 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
    2015-02-05 23:42:02 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
    2015-02-05 23:41:57 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
    2015-02-05 23:41:57 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2015-02-05 23:41:56 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2015-02-05 23:41:54 503808 ----a-w- C:\windows\System32\srcore.dll
    2015-02-05 23:41:54 296960 ----a-w- C:\windows\System32\rstrui.exe
    2015-02-05 23:41:43 50176 ----a-w- C:\windows\System32\srclient.dll
    2015-02-05 23:41:43 43008 ----a-w- C:\windows\SysWow64\srclient.dll
    2015-02-05 23:41:35 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
    2015-02-05 23:41:25 87040 ----a-w- C:\windows\System32\TSWbPrxy.exe
    2015-02-05 18:19:10 -------- d-----w- C:\Users\frayedknots\AppData\Local\Noteworthy Software
    2015-02-05 18:19:08 -------- d-----w- C:\Program Files (x86)\Noteworthy Software
    2015-02-05 00:04:22 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-04 21:50:17 5070512 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2015-02-03 15:02:27 -------- d-----w- C:\Program Files\Free Editor
    2015-02-03 15:00:13 -------- d-----w- C:\Users\frayedknots\AppData\Roaming\Blue Labs, LLC
    2015-02-03 14:46:59 -------- d-----w- C:\Program Files (x86)\NCH Software
    2015-01-25 15:08:22 98816 ----a-w- C:\windows\sed.exe
    2015-01-25 15:08:22 256000 ----a-w- C:\windows\PEV.exe
    2015-01-25 15:08:22 208896 ----a-w- C:\windows\MBR.exe
    2015-01-22 19:20:31 -------- d-----w- C:\Users\frayedknots\AppData\Local\Help
    2015-01-22 19:19:10 9216 ----a-w- C:\windows\SysWow64\ftlx0411.dll
    2015-01-22 19:19:10 9216 ----a-w- C:\windows\System32\ftlx0411.dll
    2015-01-22 19:19:10 296960 ----a-w- C:\windows\winhlp32.exe
    2015-01-22 19:19:10 195072 ----a-w- C:\windows\SysWow64\ftsrch.dll
    2015-01-22 19:19:10 195072 ----a-w- C:\windows\System32\ftsrch.dll
    2015-01-22 19:19:10 10240 ----a-w- C:\windows\SysWow64\ftlx041e.dll
    2015-01-22 19:19:10 10240 ----a-w- C:\windows\System32\ftlx041e.dll
    2015-01-22 17:08:24 -------- d-----w- C:\Program Files (x86)\abc2nwc
    2015-01-22 17:08:05 286720 ------w- C:\windows\Setup1.exe
    2015-01-22 17:08:04 73216 ----a-w- C:\windows\ST6UNST.EXE
    2015-01-22 07:30:14 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12BC9B43-A6B9-40AF-9A7E-F2C4E14FAED3}\gapaengine.dll
    2015-01-21 20:36:03 -------- d-----w- C:\Users\frayedknots\AppData\Local\EasyABC
    2015-01-21 20:35:54 -------- d-----w- C:\Program Files (x86)\EasyABC
    2015-01-17 17:10:23 -------- d-----w- C:\Program Files\VuePrint
    2015-01-10 21:21:20 -------- d-----r- C:\Users\frayedknots\Dropbox
    2015-01-10 21:17:18 -------- d-----w- C:\Users\frayedknots\AppData\Roaming\Dropbox
    2015-01-08 20:29:41 -------- d-----w- C:\Program Files\Western Digital
    .
    ==================== Find3M ====================
    .
    2015-02-07 14:25:22 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-04 22:50:26 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-04 22:50:26 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2015-01-04 21:38:10 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
    2014-12-31 11:14:31 298120 ------w- C:\windows\System32\MpSigStub.exe
    2014-12-13 05:09:01 144384 ----a-w- C:\windows\System32\ieUnatt.exe
    2014-12-13 03:33:44 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-11-21 11:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
    2014-11-21 11:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2014-11-21 11:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
    .
    ============= FINISH: 10:35:24.52 ===============
     
  2. 2015/02/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    That is almost certainly Adobe Reader - see WinPatrol's explanation here.
     

  4. 2015/02/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    Thank you, Pete. I found Bill's information sufficiently persuasive to go ahead and "allow the change" with the result of... no change. One program previously working well until yesterday suddenly has developed a "hitch" between steps, and is now (as of an hour ago) essentially unusable with a 14 second delay each time you try to go to the "next step".

    Something is rotten in the State of Dinsdale!
     
  5. 2015/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    You posted the DDS.txt log twice.
    I still need the Attach.txt log from DDS.
     
  6. 2015/02/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/4/2011 4:45:19 PM
    System Uptime: 2/7/2015 7:43:44 AM (3 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2100/1333mhz
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.38 (x64 edition)
    abc2nwc
    abc2score
    Adobe AIR
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Photoshop 7.0
    Adobe Reader XI (11.0.10)
    Adobe SVG Viewer 3.0
    Angry Birds
    Angry Birds Rio
    Angry Birds Seasons
    Angry Birds Space
    Angry Birds Star Wars
    Angry Birds Star Wars II
    AnyMP4 DVD Toolkit 6.0.38
    Arclab Dir2HTML 1.0 Freeware
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Autorun Eater v2.6
    Bad Piggies
    CCleaner
    Cisco WebEx Meetings
    Conexant HD Audio
    D3DX10
    DirectX 9 Runtime
    Dropbox
    DVD-Cloner V12.00 Build 1400
    DVD Shrink 3.2
    eReg
    File Type Assistant
    FileLocator Lite 2010 (64-bit)
    Free Editor
    GIMPshop .1 beta
    ImgBurn
    InfraRecorder 0.53 (x64 edition)
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    IrfanView (remove only)
    Java 7 Update 51
    Java 7 Update 51 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    K-Lite Codec Pack 9.4.0 (Basic)
    Leawo DVD Creator version 5.3.0.0
    Logitech SetPoint 6.32
    Malwarebytes Anti-Malware version 2.0.4.1028
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Press Interactive Training
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MyTomTom 3.2.0.700
    Nils Liberg's EasyABC 1.3.5
    NoteWorthy Composer 2
    NoteWorthy Player
    Panda USB Vaccine 1.0.1.4
    PDF Architect
    PDFCreator
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    PrintKey2000
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Recuva
    Roxio CinePlayer Decoder Pack
    Roxio Easy Video Copy and Convert 5
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    SpywareBlaster 5.0
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    ToshibaRegistration
    Ultra Defragmenter
    Unlocker 1.9.1-x64
    VD64Inst
    Visual Studio C++ 10.0 Runtime
    VSO ConvertXToDVD
    VuePrint
    WD Drive Utilities
    WD Quick View
    WD SmartWare
    WD SmartWare Installer
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPatrol
    WinX DVD Ripper Platinum 7.5.7
    Yahoo SiteBuilder
    YTD Video Downloader 4.8.9
    .
    ==== End Of File ===========================
     
  7. 2015/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete, select "Next" and click "Scan".
    • When the scan is finished and no malware has been found, select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  8. 2015/02/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : frayedknots [Administrator]
    Mode : Delete -- Date : 02/07/2015 20:23:02

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 22 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_Default User_ON_I_07F3\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_Default User_ON_I_07F3\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_test_ON_I_E677\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_test_ON_I_E677\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\RK_Default User_ON_I_07F3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\RK_Default User_ON_I_07F3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\RK_test_ON_I_E677\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\RK_test_ON_I_E677\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\{8146C891-D79E-4FF3-B6B9-A66DE850CA68} -- C:\TEMP\ysitebuilder.exe -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 935x86vm.default : user_pref("browser.startup.homepage", "www.google.com"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
    --- User ---
    [MBR] 8d9aa49934b7c92367c7e8518838c033
    [BSP] 9d15107b979a363fdd542e2160feb533 : HP MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 463688 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952707072 | Size: 11751 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Book 1230 USB Device +++++
    Error reading User MBR! ([57] The parameter is incorrect. )
    Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Seagate Backup+ Desk USB Device +++++
    --- User ---
    [MBR] 1c9e8017fa160f7d64b56324f52939f0
    [BSP] a0af7f8c1489d09c424011f1352d308f : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Hitachi HTS545050B9A300 USB Device +++++
    --- User ---
    [MBR] bf112d3baa94af12d3ad6397d13f5b37
    [BSP] e85755093bcb9a15218164b445b14d07 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 105677 MB [Windows XP Bootstrap | Windows XP Bootloader]
    1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 216427680 | Size: 371259 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Kingston DataTraveler G3 USB Device +++++
    --- User ---
    [MBR] 50bca20378bf1c1d57a2d24a3cffb770
    [BSP] e6e6feb173d3b10e273f29e201cf16db : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7396 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Kingston DT Mini Fun G2 USB Device +++++
    --- User ---
    [MBR] 7e22c056bbc4de216fb362475faa863d
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8064 | Size: 7631 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_02072015_201959.log



    :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Restore point created

    :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    No Malware found in MBMR: No report generated

    :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
     
  9. 2015/02/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    RE: Problem with programme (Yahoo Sitebuilder) taking longer and longer between operations:

    My Son in Law (an ITVP for a large and well-known company) looked at the problem quickly between replies to you, uninstalled the offending proggie, uninstalled and re-installed JAVA in a newer form, re-installed the proggie: "et viola" (so to speak), the problems went away. It was Java being archaically uncooperative and he solved it in ten minutes.

    TEN MINUTES!

    I "Effin'" HATE the young.
     
  10. 2015/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do you want to continue, or do you think your computer is fine?
     
  11. 2015/02/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    I've been told one should always continue the course of medication until the DOCTOR says you're cured. That's why you went to him (or her) in the first place, Innit? I am at your disposal.
     
    Last edited: 2015/02/07
  12. 2015/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  13. 2015/02/08
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    ComboFix 15-02-08.01 - frayedknots 02/08/2015 8:19.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5245 [GMT -5:00]
    Running from: c:\users\frayedknots\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-08 to 2015-02-08 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-08 13:25 . 2015-02-08 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-08 02:02 . 2015-02-08 02:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-08 01:15 . 2015-02-08 01:15 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-08 01:15 . 2015-02-08 01:15 -------- d-----w- c:\programdata\RogueKiller
    2015-02-08 00:27 . 2015-02-08 00:27 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-08 00:26 . 2015-02-08 00:26 -------- d-----w- c:\program files (x86)\Java
    2015-02-08 00:16 . 2014-09-17 03:20 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D657A43-83D5-4CA9-8A52-F47EE57852EC}\gapaengine.dll
    2015-02-08 00:15 . 2015-02-08 00:15 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-02-08 00:15 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{218E5C40-E06B-45E7-82D7-1069D3EF853B}\mpengine.dll
    2015-02-07 13:15 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-05 23:42 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
    2015-02-05 23:42 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2015-02-05 23:42 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2015-02-05 23:42 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2015-02-05 23:41 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-02-05 23:41 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2015-02-05 23:41 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2015-02-05 23:41 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-02-05 23:41 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-02-05 23:41 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-02-05 23:41 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2015-02-05 23:41 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-02-05 23:41 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2015-02-05 18:19 . 2015-02-05 18:19 -------- d-----w- c:\users\frayedknots\AppData\Local\Noteworthy Software
    2015-02-05 18:19 . 2015-02-05 18:19 -------- d-----w- c:\program files (x86)\Noteworthy Software
    2015-02-04 21:50 . 2015-02-04 22:50 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2015-02-03 15:02 . 2015-02-03 15:02 -------- d-----w- c:\program files\Free Editor
    2015-02-03 15:00 . 2015-02-03 15:04 -------- d-----w- c:\users\frayedknots\AppData\Roaming\Blue Labs, LLC
    2015-02-03 14:46 . 2015-02-07 02:14 -------- d-----w- c:\program files (x86)\NCH Software
    2015-02-03 14:46 . 2015-02-03 14:46 -------- d-----w- c:\programdata\NCH Software
    2015-01-22 19:20 . 2015-01-22 19:22 -------- d-----w- c:\users\frayedknots\AppData\Local\Help
    2015-01-22 19:19 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
    2015-01-22 19:19 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll
    2015-01-22 19:19 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
    2015-01-22 19:19 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
    2015-01-22 19:19 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll
    2015-01-22 19:19 . 2009-08-04 17:55 10240 ----a-w- c:\windows\SysWow64\ftlx041e.dll
    2015-01-22 19:19 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll
    2015-01-22 17:08 . 2015-01-22 17:08 -------- d-----w- c:\program files (x86)\abc2nwc
    2015-01-22 17:08 . 2015-01-22 17:08 286720 ------w- c:\windows\Setup1.exe
    2015-01-22 17:08 . 2015-01-22 17:08 73216 ----a-w- c:\windows\ST6UNST.EXE
    2015-01-22 07:30 . 2014-09-17 03:20 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12BC9B43-A6B9-40AF-9A7E-F2C4E14FAED3}\gapaengine.dll
    2015-01-21 20:36 . 2015-01-21 20:36 -------- d-----w- c:\users\frayedknots\AppData\Local\EasyABC
    2015-01-21 20:35 . 2015-01-21 20:35 -------- d-----w- c:\program files (x86)\EasyABC
    2015-01-17 17:10 . 2015-01-17 17:10 -------- d-----w- c:\program files\VuePrint
    2015-01-17 01:45 . 2015-01-17 01:45 -------- d-----w- c:\program files\7-Zip
    2015-01-10 21:21 . 2015-02-08 00:04 -------- d-----r- c:\users\frayedknots\Dropbox
    2015-01-10 21:17 . 2015-02-08 00:04 -------- d-----w- c:\users\frayedknots\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-08 02:02 . 2014-08-12 20:55 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-08 02:01 . 2014-08-12 20:55 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-08 00:14 . 2014-01-31 11:14 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2015-02-08 00:14 . 2014-01-31 11:14 319912 ----a-w- c:\windows\system32\javaws.exe
    2015-02-08 00:14 . 2014-01-31 11:14 191400 ----a-w- c:\windows\system32\javaw.exe
    2015-02-08 00:14 . 2014-01-31 11:14 190888 ----a-w- c:\windows\system32\java.exe
    2015-02-05 23:42 . 2011-10-26 12:49 113365784 ----a-w- c:\windows\system32\MRT.exe
    2015-02-04 22:50 . 2012-05-12 13:04 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-04 22:50 . 2011-10-20 14:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-01-30 14:03 . 2012-05-17 17:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2015-01-26 12:08 . 2012-06-15 22:34 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2015-01-25 23:00 . 2012-05-17 17:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2015-01-25 23:00 . 2012-05-17 17:22 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2015-01-24 13:01 . 2012-05-17 17:23 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2015-01-24 13:01 . 2012-06-15 22:32 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2015-01-24 13:00 . 2012-06-15 22:32 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2015-01-24 13:00 . 2012-06-15 22:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2015-01-04 21:38 . 2015-01-04 13:55 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-13 05:09 . 2014-12-25 00:28 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-13 03:33 . 2014-12-25 00:28 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-11-27 01:43 . 2014-12-24 22:45 389296 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-22 03:13 . 2014-12-24 22:45 25059840 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-22 03:06 . 2014-12-24 22:45 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-22 03:06 . 2014-12-24 22:45 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-22 02:50 . 2014-12-24 22:45 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-22 02:50 . 2014-12-24 22:45 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-22 02:49 . 2014-12-24 22:45 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-22 02:49 . 2014-12-24 22:45 2885120 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-22 02:48 . 2014-12-24 22:45 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-22 02:41 . 2014-12-24 22:45 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-22 02:40 . 2014-12-24 22:45 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-22 02:37 . 2014-12-24 22:45 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-22 02:35 . 2014-12-24 22:45 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-22 02:34 . 2014-12-24 22:45 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-22 02:34 . 2014-12-24 22:45 6039552 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-22 02:26 . 2014-12-24 22:45 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-22 02:22 . 2014-12-24 22:45 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-22 02:20 . 2014-12-24 22:45 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14 . 2014-12-24 22:45 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 02:09 . 2014-12-24 22:45 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-22 02:08 . 2014-12-24 22:45 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-22 02:07 . 2014-12-24 22:45 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07 . 2014-12-24 22:45 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06 . 2014-12-24 22:45 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05 . 2014-12-24 22:45 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 02:05 . 2014-12-24 22:45 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-22 01:54 . 2014-12-24 22:45 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:49 . 2014-12-24 22:45 718848 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-22 01:49 . 2014-12-24 22:45 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-22 01:47 . 2014-12-24 22:45 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-22 01:46 . 2014-12-24 22:45 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-22 01:43 . 2014-12-24 22:45 14412800 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-22 01:40 . 2014-12-24 22:45 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29 . 2014-12-24 22:45 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28 . 2014-12-24 22:45 2358272 ----a-w- c:\windows\system32\wininet.dll
    2014-11-22 01:22 . 2014-12-24 22:45 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21 . 2014-12-24 22:45 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:15 . 2014-12-24 22:45 1548288 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-22 01:03 . 2014-12-24 22:45 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-22 01:00 . 2014-12-24 22:45 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-21 11:14 . 2014-08-12 20:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 11:14 . 2011-12-17 15:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-11 03:09 . 2014-12-24 22:44 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-29 18:00 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-29 18:00 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-24 22:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-29 18:00 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-29 18:00 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2015-01-01 15:43 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-01-28 7780120]
    "WinPatrol "= "c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation "= "c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
    "ToshibaAppPlace "= "c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "Autorun Eater "= "c:\program files (x86)\Autorun Eater\oldmcdonald.exe" [2012-02-17 522720]
    "ISUSPM "= "c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "WD Quick View "= "c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-12-02 5562736]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-18 508800]
    .
    c:\users\frayedknots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-1-10 39206888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Printkey2000.lnk - c:\program files (x86)\PrintKey2000\Printkey2000.exe [2012-10-6 869376]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 GSVDRIVE;GSVDRIVE Driver;c:\windows\system32\DRIVERS\GSVDRIVE.sys;c:\windows\SYSNATIVE\DRIVERS\GSVDRIVE.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 DVDHelp;DVD Video Region CSS free Filter Driver;c:\windows\system32\drivers\DVDHelp.sys;c:\windows\SYSNATIVE\drivers\DVDHelp.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
    S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
    S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 22:50]
    .
    2015-02-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2015-02-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt1"]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt2"]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt3"]
    @= "{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt4"]
    @= "{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt5"]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt6"]
    @= "{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt7"]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt8"]
    @= "{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 164760 ----a-w- c:\users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
    "SmartAudio "= "c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "SynTPEnh "= "c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "TPwrMain "= "c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "TCrdMain "= "c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "TosVolRegulator "= "c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify "= "c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
    "TosNC "= "c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
    "TosReelTimeMonitor "= "c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    "EvtMgr6 "= "c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: yahoo.com\us.1.p11.webhosting
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath "= "\ "c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \ "PCCUJobMgr\" /m \ "c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.16 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-02-08 08:29:35
    ComboFix-quarantined-files.txt 2015-02-08 13:29
    ComboFix2.txt 2015-01-25 19:21
    .
    Pre-Run: 145,667,973,120 bytes free
    Post-Run: 145,646,825,472 bytes free
    .
    - - End Of File - - 2AACA3F2AFCE558DA816573CE6EEEBAA
     
  14. 2015/02/08
    broni

    broni Moderator Malware Analyst

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  15. 2015/02/08
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Something else interesting: Microsoft Essentials was unable to perform an update, so I unloaded it and then re-installed from a new download. Working a treat now.

    Reports:

    # AdwCleaner v4.110 - Logfile created 08/02/2015 at 15:54:02
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-08.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : frayedknots - FRAYEDKNOTS-PC
    # Running from : C:\Users\frayedknots\Downloads\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : PanService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\frayedknots\Favorites\Search
    Folder Deleted : C:\ProgramData\ytd video downloader
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    Folder Deleted : C:\Users\frayedknots\AppData\Local\DefineExt
    Folder Deleted : C:\Users\frayedknots\AppData\Local\FileTypeAssistant
    Folder Deleted : C:\Users\frayedknots\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\frayedknots\AppData\Roaming\pccustubinstaller
    Folder Deleted : C:\Users\frayedknots\AppData\Roaming\pdfforge
    Folder Deleted : C:\Users\frayedknots\AppData\Roaming\Search Protection
    File Deleted : C:\Users\frayedknots\daemonprocess.txt
    File Deleted : C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\user.js

    ***** [ Scheduled tasks ] *****

    Task Deleted : ProgramRefresh-ATFST
    Task Deleted : ProgramUpdateCheck

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6765055A-6FA2-4A59-9BC1-E80167E690FA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7471FDF2-F581-4FA6-9C73-F29EA897F4FE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77D804E7-4020-4D30-A0D1-029EF10E6AF8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85A57945-962A-43D6-82CF-E8018BAC91C2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8620341E-9F11-4EE4-AB73-C285D869A942}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{891B33F0-EB99-4AAF-9D69-4F9CC83FAEC9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BCD2900F-FAAD-459A-820E-6C7E34B62D31}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1667F75-620F-4E30-B62C-8082372A0E5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C82BFE3F-4D68-4FD2-A524-4637AB22FC99}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7AB9FEB-10A3-4488-B455-DC9A70E22BC0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKCU\Software\FileTypeAssistant
    Key Deleted : HKCU\Software\usyndication.com
    Key Deleted : HKCU\Software\Define Ext
    Key Deleted : HKLM\SOFTWARE\Define Ext
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [935x86vm.default\prefs.js] - Line Deleted : user_pref( "browser.search.hiddenOneOffs ", "Yahoo,Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter ");
    [935x86vm.default\prefs.js] - Line Deleted : user_pref( "startpage.ntsearch_url ", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms} ");

    -\\ Google Chrome v


    -\\ Chromium v


    *************************

    AdwCleaner[R0].txt - [5612 bytes] - [08/02/2015 15:52:12]
    AdwCleaner[S0].txt - [5464 bytes] - [08/02/2015 15:54:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5523 bytes] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by frayedknots on Sun 02/08/2015 at 15:58:06.86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\frayedknots\appdata\local\{98A6DC97-196B-4230-BC12-B86BF9E9A060}



    ~~~ FireFox

    Emptied folder: C:\Users\frayedknots\AppData\Roaming\mozilla\firefox\profiles\935x86vm.default\minidumps [437 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/08/2015 at 16:01:36.82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by frayedknots (administrator) on FRAYEDKNOTS-PC on 08-02-2015 16:03:06
    Running from C:\Users\frayedknots\Downloads
    Loaded Profiles: frayedknots (Available profiles: frayedknots)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    (Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Dropbox, Inc.) C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Old McDonald's Farm) C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
    (Old McDonald's Farm) C:\Program Files (x86)\Autorun Eater\billy.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [Autorun Eater] => C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe [522720 2012-02-17] (Old McDonald's Farm)
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
    HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
    ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
    Startup: C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-198641074-826246188-2505207374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {FC80DA59-D005-4A01-944A-7B88E56E5095} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> {219A19BE-74D5-4180-AB84-8DB4E5087DC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {219A19BE-74D5-4180-AB84-8DB4E5087DC3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {25D9A7D1-8490-452C-9123-6C404539C623} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {8DE5AB95-D8CA-4320-AEFD-3B0D31E8DB4E} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {A3E0A49F-C1EC-4BAB-B08B-309ADBADD1AB} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS452
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180} URL = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111125&iesrc={referrer:source}
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {FC80DA59-D005-4A01-944A-7B88E56E5095} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default
    FF DefaultSearchEngine: Google
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.2:
    FF Homepage: www.google.com
    FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\frayedknots\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Разпознаване на устройство Logitech - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\Extensions\DeviceDetection@logitech.com [2011-10-22]
    FF Extension: DownloadHelper - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
    FF Extension: SSL Version Control - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2014-10-23]
    FF Extension: Photobucket Uploader - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\Extensions\pbupload@photobucket.com.xpi [2012-11-13]
    FF Extension: Adblock Plus - C:\Users\frayedknots\AppData\Roaming\Mozilla\Firefox\Profiles\935x86vm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-04]
    FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org [2015-01-30]
    FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
    FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-05]

    Chrome:
    =======
    CHR Profile: C:\Users\frayedknots\AppData\Local\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
    R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [28696 2013-07-04] ()
    S3 GSVDRIVE; C:\Windows\System32\DRIVERS\GSVDRIVE.sys [28568 2012-10-13] (GiliSoft International LLC.) [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-07] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    (continued)
     
  16. 2015/02/08
    frayedknotarts Lifetime Subscription

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 16:03 - 2015-02-08 16:03 - 00019506 _____ () C:\Users\frayedknots\Downloads\FRST.txt
    2015-02-08 16:03 - 2015-02-08 16:03 - 00000000 ___DC () C:\FRST
    2015-02-08 16:01 - 2015-02-08 16:01 - 00000892 _____ () C:\Users\frayedknots\Desktop\JRT.txt
    2015-02-08 15:52 - 2015-02-08 15:54 - 00000000 ___DC () C:\AdwCleaner
    2015-02-08 15:50 - 2015-02-08 15:50 - 02132992 _____ (Farbar) C:\Users\frayedknots\Downloads\FRST64.exe
    2015-02-08 15:50 - 2015-02-08 15:50 - 02112512 _____ () C:\Users\frayedknots\Downloads\adwcleaner_4.110.exe
    2015-02-08 15:50 - 2015-02-08 15:50 - 01388274 _____ (Thisisu) C:\Users\frayedknots\Downloads\JRT.exe
    2015-02-08 14:38 - 2015-02-08 14:38 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-08 14:37 - 2015-02-08 14:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-08 14:37 - 2015-02-08 14:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-02-08 14:34 - 2015-02-08 14:34 - 14087848 _____ (Microsoft Corporation) C:\Users\frayedknots\Downloads\mseinstall.exe
    2015-02-08 08:29 - 2015-02-08 08:29 - 00030164 ____C () C:\ComboFix.txt
    2015-02-07 22:52 - 2015-02-08 08:17 - 05609947 ____R (Swearware) C:\Users\frayedknots\Downloads\ComboFix.exe
    2015-02-07 21:02 - 2015-02-07 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-07 21:01 - 2015-02-07 21:29 - 00000000 ____D () C:\Users\frayedknots\Desktop\mbar
    2015-02-07 21:01 - 2015-02-07 21:01 - 16466552 _____ (Malwarebytes Corp.) C:\Users\frayedknots\Downloads\mbar-1.08.3.1004.exe
    2015-02-07 20:15 - 2015-02-07 20:15 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2015-02-07 20:15 - 2015-02-07 20:15 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-07 20:13 - 2015-02-07 20:14 - 15431256 _____ () C:\Users\frayedknots\Downloads\RogueKiller(1).exe
    2015-02-07 19:27 - 2015-02-07 19:27 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-07 19:26 - 2015-02-07 19:26 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-07 18:51 - 2015-02-07 19:29 - 00001545 _____ () C:\Users\frayedknots\Desktop\Yahoo SiteBuilder.lnk
    2015-02-07 10:26 - 2015-02-08 16:02 - 00000000 ____D () C:\Users\frayedknots\Desktop\reports
    2015-02-07 09:02 - 2015-02-07 09:02 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-05 18:42 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-02-05 18:42 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-02-05 18:42 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2015-02-05 18:42 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-02-05 18:41 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-02-05 18:41 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-02-05 18:41 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-02-05 18:41 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-02-05 18:41 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-02-05 18:41 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-02-05 18:41 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-02-05 18:41 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-02-05 18:41 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-02-05 13:19 - 2015-02-05 13:30 - 00000000 ____D () C:\Users\frayedknots\Documents\NoteWorthy Composer
    2015-02-05 13:19 - 2015-02-05 13:19 - 00001265 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteWorthy Composer 2.lnk
    2015-02-05 13:19 - 2015-02-05 13:19 - 00001253 _____ () C:\Users\Public\Desktop\NoteWorthy Composer 2.lnk
    2015-02-05 13:19 - 2015-02-05 13:19 - 00000000 ____D () C:\Users\frayedknots\AppData\Local\Noteworthy Software
    2015-02-05 13:19 - 2015-02-05 13:19 - 00000000 ____D () C:\Program Files (x86)\Noteworthy Software
    2015-02-04 16:50 - 2015-02-04 17:50 - 05070512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2015-02-03 10:02 - 2015-02-03 10:02 - 00000854 _____ () C:\Users\Public\Desktop\Free Editor.lnk
    2015-02-03 10:02 - 2015-02-03 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Editor
    2015-02-03 10:02 - 2015-02-03 10:02 - 00000000 ____D () C:\Program Files\Free Editor
    2015-02-03 10:00 - 2015-02-03 10:04 - 00000000 ____D () C:\Users\frayedknots\AppData\Roaming\Blue Labs, LLC
    2015-02-03 09:47 - 2015-02-03 09:49 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
    2015-02-03 09:46 - 2015-02-06 21:14 - 00000000 ____D () C:\Program Files (x86)\NCH Software
    2015-02-03 09:46 - 2015-02-03 09:46 - 00000000 ____D () C:\ProgramData\NCH Software
    2015-01-30 22:43 - 2015-01-30 22:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-25 10:08 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
    2015-01-25 10:08 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
    2015-01-25 10:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2015-01-25 10:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2015-01-25 10:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2015-01-25 10:08 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
    2015-01-25 10:08 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
    2015-01-25 10:08 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
    2015-01-22 14:20 - 2015-01-22 14:22 - 00000000 ____D () C:\Users\frayedknots\AppData\Local\Help
    2015-01-22 14:20 - 2015-01-22 14:20 - 00000000 ____D () C:\Users\frayedknots\AppData\Roaming\Help
    2015-01-22 14:19 - 2009-08-04 12:56 - 00296960 _____ (Microsoft Corporation) C:\windows\winhlp32.exe
    2015-01-22 14:19 - 2009-08-04 12:55 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\ftsrch.dll
    2015-01-22 14:19 - 2009-08-04 12:55 - 00195072 _____ (Microsoft Corporation) C:\windows\system32\ftsrch.dll
    2015-01-22 14:19 - 2009-08-04 12:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ftlx041e.dll
    2015-01-22 14:19 - 2009-08-04 12:55 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\ftlx041e.dll
    2015-01-22 14:19 - 2009-08-04 12:55 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ftlx0411.dll
    2015-01-22 14:19 - 2009-08-04 12:55 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\ftlx0411.dll
    2015-01-22 12:12 - 2015-01-22 12:12 - 00001014 _____ () C:\Users\frayedknots\Desktop\abc2nwc.LNK
    2015-01-22 12:08 - 2015-01-22 12:08 - 00286720 ____N (Microsoft Corporation) C:\windows\Setup1.exe
    2015-01-22 12:08 - 2015-01-22 12:08 - 00073216 _____ (Microsoft Corporation) C:\windows\ST6UNST.EXE
    2015-01-22 12:08 - 2015-01-22 12:08 - 00000000 ____D () C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\abc2nwc
    2015-01-22 12:08 - 2015-01-22 12:08 - 00000000 ____D () C:\Program Files (x86)\abc2nwc
    2015-01-21 15:36 - 2015-01-21 15:36 - 00000000 ____D () C:\Users\frayedknots\AppData\Local\EasyABC
    2015-01-21 15:35 - 2015-01-21 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyABC
    2015-01-21 15:35 - 2015-01-21 15:35 - 00000000 ____D () C:\Program Files (x86)\EasyABC
    2015-01-17 12:10 - 2015-01-17 12:10 - 00000000 ____D () C:\Program Files\VuePrint
    2015-01-16 20:45 - 2015-01-16 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-01-16 20:45 - 2015-01-16 20:45 - 00000000 ____D () C:\Program Files\7-Zip
    2015-01-10 16:21 - 2015-02-08 15:56 - 00000000 ___RD () C:\Users\frayedknots\Dropbox
    2015-01-10 16:21 - 2015-01-10 16:28 - 00001053 _____ () C:\Users\frayedknots\Desktop\Dropbox.lnk
    2015-01-10 16:18 - 2015-01-10 16:28 - 00000000 ____D () C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-01-10 16:17 - 2015-02-08 15:56 - 00000000 ____D () C:\Users\frayedknots\AppData\Roaming\Dropbox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 16:03 - 2009-07-13 23:45 - 00028592 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 16:03 - 2009-07-13 23:45 - 00028592 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 16:02 - 2009-07-14 00:13 - 00787100 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-08 15:59 - 2011-08-03 13:55 - 01322831 _____ () C:\windows\WindowsUpdate.log
    2015-02-08 15:56 - 2015-01-04 11:06 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
    2015-02-08 15:55 - 2013-10-22 07:51 - 00189876 _____ () C:\windows\PFRO.log
    2015-02-08 15:55 - 2013-10-18 11:47 - 00019216 _____ () C:\windows\setupact.log
    2015-02-08 15:55 - 2011-10-17 13:49 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-08 15:55 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-08 15:54 - 2011-10-04 15:45 - 00000000 ____D () C:\Users\frayedknots
    2015-02-08 15:50 - 2012-05-12 08:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-08 14:53 - 2012-10-06 09:52 - 00000000 ____D () C:\Program Files (x86)\PrintKey2000
    2015-02-08 14:38 - 2011-10-04 19:47 - 00001945 _____ () C:\windows\epplauncher.mif
    2015-02-08 08:29 - 2013-03-07 09:24 - 00000000 ____D () C:\Qoobox
    2015-02-08 08:26 - 2009-07-13 21:34 - 00000215 ____C () C:\windows\system.ini
    2015-02-08 01:14 - 2011-10-17 13:49 - 00000522 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122.job
    2015-02-08 00:53 - 2011-10-17 13:49 - 00000522 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4.job
    2015-02-07 22:09 - 2014-12-01 13:28 - 00326656 _____ () C:\Users\frayedknots\Desktop\DVD-INVENTORY.xls
    2015-02-07 21:02 - 2014-08-12 15:55 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-07 21:01 - 2014-08-12 15:55 - 00097496 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-02-07 19:29 - 2014-08-19 13:08 - 00000000 ___DC () C:\NewSitebuilder
    2015-02-07 19:15 - 2014-01-31 06:13 - 00000000 ____D () C:\Program Files\Java
    2015-02-07 19:14 - 2014-01-31 06:14 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2015-02-07 19:14 - 2014-01-31 06:14 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2015-02-07 19:14 - 2014-01-31 06:14 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2015-02-07 19:14 - 2014-01-31 06:14 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2015-02-07 19:13 - 2014-01-25 09:05 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-07 18:51 - 2014-03-09 07:54 - 00000000 ____D () C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo
    2015-02-07 09:02 - 2014-08-12 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-07 09:02 - 2014-08-12 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-05 18:47 - 2013-07-18 08:13 - 00000000 ____D () C:\windows\system32\MRT
    2015-02-05 18:42 - 2011-10-26 07:49 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-02-05 14:35 - 2009-07-13 23:45 - 00442736 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-02-05 14:20 - 2013-06-22 12:32 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2015-02-05 14:11 - 2013-06-22 12:49 - 00000000 ____D () C:\ProgramData\Roxio
    2015-02-05 13:34 - 2011-10-04 15:48 - 00124344 _____ () C:\Users\frayedknots\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-05 09:17 - 2013-11-29 07:51 - 00000000 ____D () C:\temp_dvd
    2015-02-04 20:00 - 2012-11-21 21:54 - 00000000 ____D () C:\Users\frayedknots\AppData\Local\CrashDumps
    2015-02-04 17:50 - 2012-05-12 08:04 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 17:50 - 2012-05-12 08:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 17:50 - 2011-10-20 09:20 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-03 10:03 - 2014-01-16 23:22 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-01-31 18:51 - 2012-06-28 06:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-31 18:46 - 2013-10-29 10:20 - 00000000 _____ () C:\windows\SysWOW64\dvdtest10024.dat
    2015-01-25 18:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
    2015-01-25 14:21 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2015-01-25 14:19 - 2013-03-07 09:23 - 00000000 ____D () C:\windows\erdnt
    2015-01-25 10:20 - 2009-07-14 00:08 - 00032600 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2015-01-25 10:19 - 2009-07-13 21:34 - 78118912 _____ () C:\windows\system32\config\SOFTWARE.bak
    2015-01-25 10:19 - 2009-07-13 21:34 - 17039360 _____ () C:\windows\system32\config\SYSTEM.bak
    2015-01-25 10:19 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
    2015-01-25 10:19 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
    2015-01-25 10:19 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\DEFAULT.bak
    2015-01-24 12:56 - 2014-12-04 06:13 - 00001260 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
    2015-01-23 22:43 - 2013-01-12 14:54 - 00000000 ____D () C:\Users\frayedknots\Desktop\junk
    2015-01-17 12:10 - 2011-10-04 15:45 - 00000000 ___RD () C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-16 14:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

    ==================== Files in the root of some directories =======

    2013-12-03 08:58 - 2012-11-25 06:09 - 6492492 _____ () C:\Program Files (x86)\ClarisWorksv40.zip
    2013-10-29 09:09 - 2014-05-31 13:06 - 0007859 _____ () C:\Users\frayedknots\AppData\Roaming\pcouffin.cat
    2013-10-29 09:09 - 2014-05-31 13:06 - 0001167 _____ () C:\Users\frayedknots\AppData\Roaming\pcouffin.inf
    2013-10-29 09:09 - 2014-05-31 13:06 - 0000055 _____ () C:\Users\frayedknots\AppData\Roaming\pcouffin.log
    2013-10-29 09:09 - 2014-05-31 13:06 - 0082816 _____ (VSO Software) C:\Users\frayedknots\AppData\Roaming\pcouffin.sys
    2011-10-17 15:02 - 2011-10-17 15:02 - 0000058 _____ () C:\Users\frayedknots\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    2013-07-06 16:11 - 2013-07-07 12:53 - 0504108 _____ () C:\Users\frayedknots\AppData\Local\rx_image32.Cache
    2013-11-23 08:54 - 2013-11-23 09:48 - 0000040 ___SH () C:\ProgramData\.zreglib

    Some content of TEMP:
    ====================
    C:\Users\frayedknots\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhkm8d.dll
    C:\Users\frayedknots\AppData\Local\Temp\Quarantine.exe
    C:\Users\frayedknots\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-03 00:12

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by frayedknots at 2015-02-08 16:04:11
    Running from C:\Users\frayedknots\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
    abc2nwc (HKLM-x32\...\ST6UNST #1) (Version: - )
    abc2score (HKLM-x32\...\abc2score) (Version: - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
    Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
    Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
    Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
    Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
    Angry Birds Space (HKLM-x32\...\{FA4E4BC2-335B-4453-A381-0D111937E748}) (Version: 2.0.0 - Rovio Entertainment Ltd.)
    Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
    Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
    AnyMP4 DVD Toolkit 6.0.38 (HKLM-x32\...\{0B656B87-BF80-4239-85B5-C6E673158C9E}_is1) (Version: - )
    Arclab Dir2HTML 1.0 Freeware (HKLM-x32\...\Arclab Dir2HTML_is1) (Version: - Arclab Software Technologies)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
    Autorun Eater v2.6 (HKLM-x32\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
    Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
    Cisco WebEx Meetings (HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Dropbox (HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    DVD-Cloner V12.00 Build 1400 (HKLM-x32\...\DVD-Cloner 2015_is1) (Version: 12.00.0.1400 - OpenCloner Inc.)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FileLocator Lite 2010 (64-bit) (HKLM\...\FileLocator Lite (64-bit)_is1) (Version: - )
    Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
    GIMPshop .1 beta (HKLM-x32\...\GIMPshop) (Version: .1 beta - The GIMP team (gimpshop hack by Scott Moschella))
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
    Leawo DVD Creator version 5.3.0.0 (HKLM-x32\...\{29312768-5795-483C-805A-7D01B8FC7C0E}_is1) (Version: 5.3.0.0 - Leawo Software Co., Ltd.)
    Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Press Interactive Training (HKLM-x32\...\Microsoft Press Interactive Training) (Version: - )
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MyTomTom 3.2.0.700 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.700 - TomTom)
    Nils Liberg's EasyABC 1.3.5 (HKLM-x32\...\EasyABC_is1) (Version: - )
    NoteWorthy Composer 2 (HKLM-x32\...\NoteWorthy Composer 2) (Version: Version 2.51a - Noteworthy Software, Inc.)
    NoteWorthy Player (HKLM-x32\...\NoteWorthy Player) (Version: - )
    Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
    PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1134 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
    Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
    VuePrint (HKLM-x32\...\VuePrint) (Version: - )
    WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
    WinX DVD Ripper Platinum 7.5.7 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.8 - Yahoo Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    19-01-2015 02:30:10 Windows Update
    22-01-2015 11:08:26 Windows Update
    22-01-2015 14:18:42 Windows Update
    25-01-2015 10:08:33 ComboFix created restore point
    26-01-2015 10:33:10 Windows Update
    30-01-2015 03:37:52 Windows Update
    02-02-2015 19:04:57 Windows Update
    03-02-2015 10:03:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    03-02-2015 10:03:52 Installed Free Editor
    05-02-2015 18:42:12 Windows Update
    07-02-2015 20:29:13 020815

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-01-25 14:17 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {328E80AB-9DAB-43DB-A9E0-5846A75D1306} - System32\Tasks\{1161601D-BF17-4D55-9E32-9E33580390D5} => pcalua.exe -a "E:\ADOBE Illustrator 10 EXTRACTED\Setup.exe" -d "E:\ADOBE Illustrator 10 EXTRACTED "
    Task: {47339726-AB04-4071-A665-8BDA3974A371} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
    Task: {489E301D-AA95-49C5-B15A-4367A72D6904} - System32\Tasks\{47D031EB-1794-45FF-9F7C-CB382AE39539} => E:\all storage\All Saved Win98\Rest of D\POWERSPEC\POWERSPEC Startups 8-20-04\setup CLARIS4_\DISK1\SETUP.EXE [1995-08-06] (Stirling Technologies, Inc.)
    Task: {48ED1AF7-FDBE-4BD9-9FC1-5831E1E7BE04} - System32\Tasks\{DB168B1F-26CB-4489-804C-9A361FB687B1} => C:\Users\frayedknots\claris4install\SETUP.EXE
    Task: {51036F67-1BB4-421A-9EB4-0E95188DCA29} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198641074-826246188-2505207374-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {5BF9F090-FF72-4ADE-8D99-77DD6886C265} - System32\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
    Task: {858CA098-56FA-4D80-AF7B-E17D489208A8} - System32\Tasks\{F1EDD8AC-37F0-41CD-926D-C94814F74B48} => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [2012-05-18] (TomTom)
    Task: {BF84CCC0-6F19-4AB7-ACC0-0DBED22A86B2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198641074-826246188-2505207374-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {CEE5C0F2-4116-4243-A78D-FFCD0A0F45AE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {D0331C71-4011-4574-A868-C70F0925D8B9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
    Task: {D5413E9C-6E02-4531-A72E-0B2C921F1456} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
    Task: {EB511165-C0AA-4AFE-A5ED-3573F9DBB3D2} - System32\Tasks\{38D507F2-BDEB-436B-BE5A-4893A0491399} => pcalua.exe -a "G:\sites as of 12012014\oldmusicproject1OLD\nwcplay\nwpsetup.exe" -d "G:\sites as of 12012014\oldmusicproject1OLD\nwcplay "
    Task: {EFBD2511-48D7-471E-8589-B20354C4B118} - System32\Tasks\{BEDF782E-85DD-4A5F-94E8-E4A5B8EBB95C} => pcalua.exe -a "C:\Users\frayedknots\Desktop\incoming program installers\Photoshop_7\unzippedAdobe Photoshop 7.0, with serial\Photoshop\Setup.exe" -d "C:\Users\frayedknots\Desktop\incoming program installers\Photoshop_7\unzippedAdobe Photoshop 7.0, with serial\Photoshop "
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-01-10 16:18 - 2015-01-08 15:44 - 00750080 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-08 15:56 - 2015-02-08 15:56 - 00043008 _____ () c:\Users\frayedknots\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhkm8d.dll
    2015-01-10 16:18 - 2015-01-08 15:44 - 00047616 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-01-10 16:28 - 2015-01-08 15:44 - 00863744 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-01-10 16:28 - 2015-01-08 15:44 - 00200704 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-198641074-826246188-2505207374-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-198641074-826246188-2505207374-500 - Administrator - Disabled)
    frayedknots (S-1-5-21-198641074-826246188-2505207374-1000 - Administrator - Enabled) => C:\Users\frayedknots
    Guest (S-1-5-21-198641074-826246188-2505207374-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-198641074-826246188-2505207374-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-08 08:25:36.518
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.378
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.222
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.097
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-25 10:18:38.861
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-25 10:18:38.737
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 5931.53 MB
    Total Pagefile: 16277.9 MB
    Available Pagefile: 14002.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (TI106136W0E) (Fixed) (Total:452.82 GB) (Free:135.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (<John Wick>) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF
    Drive e: (SIMPLETOUGH UP TO 1-04-13) (Fixed) (Total:103.2 GB) (Free:48.91 GB) NTFS
    Drive f: (REMOVABLE) (Removable) (Total:7.45 GB) (Free:5.01 GB) FAT32
    Drive g: (My Book-4) (Fixed) (Total:3725.99 GB) (Free:2284.92 GB) NTFS
    Drive h: (Seagate2TB) (Fixed) (Total:1863.01 GB) (Free:774.5 GB) NTFS
    Drive i: (LARGE NTFS Partition) (Fixed) (Total:174.9 GB) (Free:113.28 GB) NTFS
    Drive j: (FAT32 STORA) (Fixed) (Total:59.68 GB) (Free:59.67 GB) FAT32
    Drive k: (WIN98STUFF) (Fixed) (Total:63.96 GB) (Free:63.96 GB) FAT32
    Drive l: (SAVIOUR) (Fixed) (Total:63.99 GB) (Free:63.89 GB) NTFS
    Drive m: (WHITE0001) (Removable) (Total:7.21 GB) (Free:6.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 95469684)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=452.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.5 GB) - (Type=17)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ========================================================
    Disk: 2 (Size: 1863 GB) (Disk ID: 439728DB)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 39942269)
    Partition 1: (Not Active) - (Size=103.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=362.6 GB) - (Type=OF Extended)

    ========================================================
    Disk: 4 (Size: 7.2 GB) (Disk ID: 17F92314)
    Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

    ==================== End Of Log ============================
     
  17. 2015/02/08
    broni Moderator Malware Analyst

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

  18. 2015/02/08
    frayedknotarts Well-Known Member Thread Starter

    I *THINK* I did it right, but...

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by frayedknots at 2015-02-08 23:08:21
    Running from C:\Users\frayedknots\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
    abc2nwc (HKLM-x32\...\ST6UNST #1) (Version: - )
    abc2score (HKLM-x32\...\abc2score) (Version: - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
    Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
    Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
    Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
    Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
    Angry Birds Space (HKLM-x32\...\{FA4E4BC2-335B-4453-A381-0D111937E748}) (Version: 2.0.0 - Rovio Entertainment Ltd.)
    Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
    Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
    AnyMP4 DVD Toolkit 6.0.38 (HKLM-x32\...\{0B656B87-BF80-4239-85B5-C6E673158C9E}_is1) (Version: - )
    Arclab Dir2HTML 1.0 Freeware (HKLM-x32\...\Arclab Dir2HTML_is1) (Version: - Arclab Software Technologies)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
    Autorun Eater v2.6 (HKLM-x32\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
    Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
    Cisco WebEx Meetings (HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Dropbox (HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    DVD-Cloner V12.00 Build 1400 (HKLM-x32\...\DVD-Cloner 2015_is1) (Version: 12.00.0.1400 - OpenCloner Inc.)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FileLocator Lite 2010 (64-bit) (HKLM\...\FileLocator Lite (64-bit)_is1) (Version: - )
    Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
    GIMPshop .1 beta (HKLM-x32\...\GIMPshop) (Version: .1 beta - The GIMP team (gimpshop hack by Scott Moschella))
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
    Leawo DVD Creator version 5.3.0.0 (HKLM-x32\...\{29312768-5795-483C-805A-7D01B8FC7C0E}_is1) (Version: 5.3.0.0 - Leawo Software Co., Ltd.)
    Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Press Interactive Training (HKLM-x32\...\Microsoft Press Interactive Training) (Version: - )
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MyTomTom 3.2.0.700 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.700 - TomTom)
    Nils Liberg's EasyABC 1.3.5 (HKLM-x32\...\EasyABC_is1) (Version: - )
    NoteWorthy Composer 2 (HKLM-x32\...\NoteWorthy Composer 2) (Version: Version 2.51a - Noteworthy Software, Inc.)
    NoteWorthy Player (HKLM-x32\...\NoteWorthy Player) (Version: - )
    Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
    PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1134 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
    Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
    VuePrint (HKLM-x32\...\VuePrint) (Version: - )
    WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
    WinX DVD Ripper Platinum 7.5.7 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.8 - Yahoo Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    19-01-2015 02:30:10 Windows Update
    22-01-2015 11:08:26 Windows Update
    22-01-2015 14:18:42 Windows Update
    25-01-2015 10:08:33 ComboFix created restore point
    26-01-2015 10:33:10 Windows Update
    30-01-2015 03:37:52 Windows Update
    02-02-2015 19:04:57 Windows Update
    03-02-2015 10:03:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    03-02-2015 10:03:52 Installed Free Editor
    05-02-2015 18:42:12 Windows Update
    07-02-2015 20:29:13 020815

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-01-25 14:17 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {328E80AB-9DAB-43DB-A9E0-5846A75D1306} - System32\Tasks\{1161601D-BF17-4D55-9E32-9E33580390D5} => pcalua.exe -a "E:\ADOBE Illustrator 10 EXTRACTED\Setup.exe" -d "E:\ADOBE Illustrator 10 EXTRACTED "
    Task: {47339726-AB04-4071-A665-8BDA3974A371} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
    Task: {489E301D-AA95-49C5-B15A-4367A72D6904} - System32\Tasks\{47D031EB-1794-45FF-9F7C-CB382AE39539} => E:\all storage\All Saved Win98\Rest of D\POWERSPEC\POWERSPEC Startups 8-20-04\setup CLARIS4_\DISK1\SETUP.EXE [1995-08-06] (Stirling Technologies, Inc.)
    Task: {48ED1AF7-FDBE-4BD9-9FC1-5831E1E7BE04} - System32\Tasks\{DB168B1F-26CB-4489-804C-9A361FB687B1} => C:\Users\frayedknots\claris4install\SETUP.EXE
    Task: {51036F67-1BB4-421A-9EB4-0E95188DCA29} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198641074-826246188-2505207374-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {5BF9F090-FF72-4ADE-8D99-77DD6886C265} - System32\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
    Task: {858CA098-56FA-4D80-AF7B-E17D489208A8} - System32\Tasks\{F1EDD8AC-37F0-41CD-926D-C94814F74B48} => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [2012-05-18] (TomTom)
    Task: {BF84CCC0-6F19-4AB7-ACC0-0DBED22A86B2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198641074-826246188-2505207374-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {CEE5C0F2-4116-4243-A78D-FFCD0A0F45AE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {D0331C71-4011-4574-A868-C70F0925D8B9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
    Task: {D5413E9C-6E02-4531-A72E-0B2C921F1456} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
    Task: {EB511165-C0AA-4AFE-A5ED-3573F9DBB3D2} - System32\Tasks\{38D507F2-BDEB-436B-BE5A-4893A0491399} => pcalua.exe -a "G:\sites as of 12012014\oldmusicproject1OLD\nwcplay\nwpsetup.exe" -d "G:\sites as of 12012014\oldmusicproject1OLD\nwcplay "
    Task: {EFBD2511-48D7-471E-8589-B20354C4B118} - System32\Tasks\{BEDF782E-85DD-4A5F-94E8-E4A5B8EBB95C} => pcalua.exe -a "C:\Users\frayedknots\Desktop\incoming program installers\Photoshop_7\unzippedAdobe Photoshop 7.0, with serial\Photoshop\Setup.exe" -d "C:\Users\frayedknots\Desktop\incoming program installers\Photoshop_7\unzippedAdobe Photoshop 7.0, with serial\Photoshop "
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-01-10 16:18 - 2015-01-08 15:44 - 00750080 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-08 15:56 - 2015-02-08 15:56 - 00043008 _____ () c:\Users\frayedknots\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhkm8d.dll
    2015-01-10 16:18 - 2015-01-08 15:44 - 00047616 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-01-10 16:28 - 2015-01-08 15:44 - 00863744 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-01-10 16:28 - 2015-01-08 15:44 - 00200704 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-01-30 22:43 - 2015-01-30 22:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-198641074-826246188-2505207374-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-198641074-826246188-2505207374-500 - Administrator - Disabled)
    frayedknots (S-1-5-21-198641074-826246188-2505207374-1000 - Administrator - Enabled) => C:\Users\frayedknots
    Guest (S-1-5-21-198641074-826246188-2505207374-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-198641074-826246188-2505207374-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/08/2015 05:43:47 PM) (Source: TestWorker) (EventID: 1) (User: )
    Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


    System errors:
    =============
    Error: (02/08/2015 05:43:35 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (02/08/2015 05:43:47 PM) (Source: TestWorker) (EventID: 1) (User: )
    Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-08 08:25:36.518
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.378
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.222
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.097
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-25 10:18:38.861
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-25 10:18:38.737
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 37%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 5121.61 MB
    Total Pagefile: 16277.9 MB
    Available Pagefile: 13083.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (TI106136W0E) (Fixed) (Total:452.82 GB) (Free:132.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (<John Wick>) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF
    Drive e: (SIMPLETOUGH UP TO 1-04-13) (Fixed) (Total:103.2 GB) (Free:48.91 GB) NTFS
    Drive f: (REMOVABLE) (Removable) (Total:7.45 GB) (Free:5.01 GB) FAT32
    Drive g: (My Book-4) (Fixed) (Total:3725.99 GB) (Free:2284.92 GB) NTFS
    Drive h: (Seagate2TB) (Fixed) (Total:1863.01 GB) (Free:774.5 GB) NTFS
    Drive i: (LARGE NTFS Partition) (Fixed) (Total:174.9 GB) (Free:113.28 GB) NTFS
    Drive j: (FAT32 STORA) (Fixed) (Total:59.68 GB) (Free:59.67 GB) FAT32
    Drive k: (WIN98STUFF) (Fixed) (Total:63.96 GB) (Free:63.96 GB) FAT32
    Drive l: (SAVIOUR) (Fixed) (Total:63.99 GB) (Free:63.89 GB) NTFS
    Drive m: (WHITE0001) (Removable) (Total:7.21 GB) (Free:6.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 95469684)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=452.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.5 GB) - (Type=17)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ========================================================
    Disk: 2 (Size: 1863 GB) (Disk ID: 439728DB)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 39942269)
    Partition 1: (Not Active) - (Size=103.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=362.6 GB) - (Type=OF Extended)

    ========================================================
    Disk: 4 (Size: 7.2 GB) (Disk ID: 17F92314)
    Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

    ==================== End Of Log ============================
     
  19. 2015/02/08
    frayedknotarts Lifetime Subscription

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by frayedknots at 2015-02-08 23:08:21
    Running from C:\Users\frayedknots\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
    abc2nwc (HKLM-x32\...\ST6UNST #1) (Version: - )
    abc2score (HKLM-x32\...\abc2score) (Version: - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
    Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
    Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
    Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
    Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
    Angry Birds Space (HKLM-x32\...\{FA4E4BC2-335B-4453-A381-0D111937E748}) (Version: 2.0.0 - Rovio Entertainment Ltd.)
    Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
    Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
    AnyMP4 DVD Toolkit 6.0.38 (HKLM-x32\...\{0B656B87-BF80-4239-85B5-C6E673158C9E}_is1) (Version: - )
    Arclab Dir2HTML 1.0 Freeware (HKLM-x32\...\Arclab Dir2HTML_is1) (Version: - Arclab Software Technologies)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
    Autorun Eater v2.6 (HKLM-x32\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
    Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
    Cisco WebEx Meetings (HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Dropbox (HKU\S-1-5-21-198641074-826246188-2505207374-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    DVD-Cloner V12.00 Build 1400 (HKLM-x32\...\DVD-Cloner 2015_is1) (Version: 12.00.0.1400 - OpenCloner Inc.)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FileLocator Lite 2010 (64-bit) (HKLM\...\FileLocator Lite (64-bit)_is1) (Version: - )
    Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
    GIMPshop .1 beta (HKLM-x32\...\GIMPshop) (Version: .1 beta - The GIMP team (gimpshop hack by Scott Moschella))
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
    Leawo DVD Creator version 5.3.0.0 (HKLM-x32\...\{29312768-5795-483C-805A-7D01B8FC7C0E}_is1) (Version: 5.3.0.0 - Leawo Software Co., Ltd.)
    Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Press Interactive Training (HKLM-x32\...\Microsoft Press Interactive Training) (Version: - )
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MyTomTom 3.2.0.700 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.700 - TomTom)
    Nils Liberg's EasyABC 1.3.5 (HKLM-x32\...\EasyABC_is1) (Version: - )
    NoteWorthy Composer 2 (HKLM-x32\...\NoteWorthy Composer 2) (Version: Version 2.51a - Noteworthy Software, Inc.)
    NoteWorthy Player (HKLM-x32\...\NoteWorthy Player) (Version: - )
    Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
    PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1134 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
    Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
    VuePrint (HKLM-x32\...\VuePrint) (Version: - )
    WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
    WinX DVD Ripper Platinum 7.5.7 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.8 - Yahoo Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-198641074-826246188-2505207374-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    19-01-2015 02:30:10 Windows Update
    22-01-2015 11:08:26 Windows Update
    22-01-2015 14:18:42 Windows Update
    25-01-2015 10:08:33 ComboFix created restore point
    26-01-2015 10:33:10 Windows Update
    30-01-2015 03:37:52 Windows Update
    02-02-2015 19:04:57 Windows Update
    03-02-2015 10:03:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    03-02-2015 10:03:52 Installed Free Editor
    05-02-2015 18:42:12 Windows Update
    07-02-2015 20:29:13 020815

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-01-25 14:17 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {328E80AB-9DAB-43DB-A9E0-5846A75D1306} - System32\Tasks\{1161601D-BF17-4D55-9E32-9E33580390D5} => pcalua.exe -a "E:\ADOBE Illustrator 10 EXTRACTED\Setup.exe" -d "E:\ADOBE Illustrator 10 EXTRACTED "
    Task: {47339726-AB04-4071-A665-8BDA3974A371} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
    Task: {489E301D-AA95-49C5-B15A-4367A72D6904} - System32\Tasks\{47D031EB-1794-45FF-9F7C-CB382AE39539} => E:\all storage\All Saved Win98\Rest of D\POWERSPEC\POWERSPEC Startups 8-20-04\setup CLARIS4_\DISK1\SETUP.EXE [1995-08-06] (Stirling Technologies, Inc.)
    Task: {48ED1AF7-FDBE-4BD9-9FC1-5831E1E7BE04} - System32\Tasks\{DB168B1F-26CB-4489-804C-9A361FB687B1} => C:\Users\frayedknots\claris4install\SETUP.EXE
    Task: {51036F67-1BB4-421A-9EB4-0E95188DCA29} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198641074-826246188-2505207374-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {5BF9F090-FF72-4ADE-8D99-77DD6886C265} - System32\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
    Task: {858CA098-56FA-4D80-AF7B-E17D489208A8} - System32\Tasks\{F1EDD8AC-37F0-41CD-926D-C94814F74B48} => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [2012-05-18] (TomTom)
    Task: {BF84CCC0-6F19-4AB7-ACC0-0DBED22A86B2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198641074-826246188-2505207374-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {CEE5C0F2-4116-4243-A78D-FFCD0A0F45AE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {D0331C71-4011-4574-A868-C70F0925D8B9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
    Task: {D5413E9C-6E02-4531-A72E-0B2C921F1456} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
    Task: {EB511165-C0AA-4AFE-A5ED-3573F9DBB3D2} - System32\Tasks\{38D507F2-BDEB-436B-BE5A-4893A0491399} => pcalua.exe -a "G:\sites as of 12012014\oldmusicproject1OLD\nwcplay\nwpsetup.exe" -d "G:\sites as of 12012014\oldmusicproject1OLD\nwcplay "
    Task: {EFBD2511-48D7-471E-8589-B20354C4B118} - System32\Tasks\{BEDF782E-85DD-4A5F-94E8-E4A5B8EBB95C} => pcalua.exe -a "C:\Users\frayedknots\Desktop\incoming program installers\Photoshop_7\unzippedAdobe Photoshop 7.0, with serial\Photoshop\Setup.exe" -d "C:\Users\frayedknots\Desktop\incoming program installers\Photoshop_7\unzippedAdobe Photoshop 7.0, with serial\Photoshop "
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 752c946f-2f55-4c03-8915-e16477c549c4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 81c50e6f-1708-4d56-af15-1ca1ad9d1122.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-01-10 16:18 - 2015-01-08 15:44 - 00750080 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-08 15:56 - 2015-02-08 15:56 - 00043008 _____ () c:\Users\frayedknots\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhkm8d.dll
    2015-01-10 16:18 - 2015-01-08 15:44 - 00047616 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-01-10 16:28 - 2015-01-08 15:44 - 00863744 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-01-10 16:28 - 2015-01-08 15:44 - 00200704 _____ () C:\Users\frayedknots\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-01-30 22:43 - 2015-01-30 22:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-198641074-826246188-2505207374-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\frayedknots\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-198641074-826246188-2505207374-500 - Administrator - Disabled)
    frayedknots (S-1-5-21-198641074-826246188-2505207374-1000 - Administrator - Enabled) => C:\Users\frayedknots
    Guest (S-1-5-21-198641074-826246188-2505207374-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-198641074-826246188-2505207374-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/08/2015 05:43:47 PM) (Source: TestWorker) (EventID: 1) (User: )
    Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


    System errors:
    =============
    Error: (02/08/2015 05:43:35 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (02/08/2015 05:43:47 PM) (Source: TestWorker) (EventID: 1) (User: )
    Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-08 08:25:36.518
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.378
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.222
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 08:25:36.097
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-25 10:18:38.861
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-25 10:18:38.737
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 37%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 5121.61 MB
    Total Pagefile: 16277.9 MB
    Available Pagefile: 13083.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (TI106136W0E) (Fixed) (Total:452.82 GB) (Free:132.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (<John Wick>) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF
    Drive e: (SIMPLETOUGH UP TO 1-04-13) (Fixed) (Total:103.2 GB) (Free:48.91 GB) NTFS
    Drive f: (REMOVABLE) (Removable) (Total:7.45 GB) (Free:5.01 GB) FAT32
    Drive g: (My Book-4) (Fixed) (Total:3725.99 GB) (Free:2284.92 GB) NTFS
    Drive h: (Seagate2TB) (Fixed) (Total:1863.01 GB) (Free:774.5 GB) NTFS
    Drive i: (LARGE NTFS Partition) (Fixed) (Total:174.9 GB) (Free:113.28 GB) NTFS
    Drive j: (FAT32 STORA) (Fixed) (Total:59.68 GB) (Free:59.67 GB) FAT32
    Drive k: (WIN98STUFF) (Fixed) (Total:63.96 GB) (Free:63.96 GB) FAT32
    Drive l: (SAVIOUR) (Fixed) (Total:63.99 GB) (Free:63.89 GB) NTFS
    Drive m: (WHITE0001) (Removable) (Total:7.21 GB) (Free:6.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 95469684)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=452.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.5 GB) - (Type=17)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ========================================================
    Disk: 2 (Size: 1863 GB) (Disk ID: 439728DB)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 39942269)
    Partition 1: (Not Active) - (Size=103.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=362.6 GB) - (Type=OF Extended)

    ========================================================
    Disk: 4 (Size: 7.2 GB) (Disk ID: 17F92314)
    Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

    ==================== End Of Log ============================
     
  20. 2015/02/08
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by frayedknots at 2015-02-08 23:09:15 Run:1
    Running from C:\Users\frayedknots\Desktop
    Loaded Profiles: frayedknots (Available profiles: frayedknots)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-198641074-826246188-2505207374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> {FC80DA59-D005-4A01-944A-7B88E56E5095} URL =
    Toolbar: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-198641074-826246188-2505207374-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2013-12-03 08:58 - 2012-11-25 06:09 - 6492492 _____ () C:\Program Files (x86)\ClarisWorksv40.zip
    2013-10-29 09:09 - 2014-05-31 13:06 - 0007859 _____ () C:\Users\frayedknots\AppData\Roaming\pcouffin.cat
    2013-10-29 09:09 - 2014-05-31 13:06 - 0001167 _____ () C:\Users\frayedknots\AppData\Roaming\pcouffin.inf
    2013-10-29 09:09 - 2014-05-31 13:06 - 0000055 _____ () C:\Users\frayedknots\AppData\Roaming\pcouffin.log
    2013-10-29 09:09 - 2014-05-31 13:06 - 0082816 _____ (VSO Software) C:\Users\frayedknots\AppData\Roaming\pcouffin.sys
    2011-10-17 15:02 - 2011-10-17 15:02 - 0000058 _____ () C:\Users\frayedknots\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    2013-07-06 16:11 - 2013-07-07 12:53 - 0504108 _____ () C:\Users\frayedknots\AppData\Local\rx_image32.Cache
    2013-11-23 08:54 - 2013-11-23 09:48 - 0000040 ___SH () C:\ProgramData\.zreglib
    C:\Users\frayedknots\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhkm8d.dll
    C:\Users\frayedknots\AppData\Local\Temp\Quarantine.exe
    C:\Users\frayedknots\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    *****************

    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-198641074-826246188-2505207374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-198641074-826246188-2505207374-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC80DA59-D005-4A01-944A-7B88E56E5095}" => Key deleted successfully.
    HKCR\CLSID\{FC80DA59-D005-4A01-944A-7B88E56E5095} => Key not found.
    HKU\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKU\S-1-5-21-198641074-826246188-2505207374-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    "HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6" => Key deleted successfully.
    catchme => Service deleted successfully.
    C:\Program Files (x86)\ClarisWorksv40.zip => Moved successfully.
    C:\Users\frayedknots\AppData\Roaming\pcouffin.cat => Moved successfully.
    C:\Users\frayedknots\AppData\Roaming\pcouffin.inf => Moved successfully.
    C:\Users\frayedknots\AppData\Roaming\pcouffin.log => Moved successfully.
    C:\Users\frayedknots\AppData\Roaming\pcouffin.sys => Moved successfully.
    C:\Users\frayedknots\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat => Moved successfully.
    C:\Users\frayedknots\AppData\Local\rx_image32.Cache => Moved successfully.
    C:\ProgramData\.zreglib => Moved successfully.
    C:\Users\frayedknots\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhkm8d.dll => Moved successfully.
    C:\Users\frayedknots\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\frayedknots\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

    ==== End of Fixlog 23:09:15 ====
     
  21. 2015/02/08
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    As always, thank you for your help and kind attention!
     
