
Solved MalwareBytes Showing Regular Alerts about Blocking Website

Discussion in 'Malware and Virus Removal Archive' started by Mr. Chip, 2015/02/14.

  1. 2015/02/14, Mr. Chip (Thread Starter)

    [Solved] MalwareBytes Showing Regular Alerts about Blocking Website

    Hello,

    About a week ago Malwarebytes started to show an alert when I was using Mozilla Firefox on my Windows 7 PC. Every now and then I would get a popup message that it blocked Firefox from accessing a malicious website with an IP of 208.43.117.244 called data.rtbfy.com. I have Windows Firewall turned on, have Malwarebytes Premium running (and updating) periodically, and use Fprot AV software.

    This PC sits behind a Juniper Networks SSG-5 hardware firewall. It probably is not relevant, but I am in the process of moving the PC from an SBS 2003 domain to a Server 2012 domain.

    I have many internal HDDs on my PC. I ran a full scan using Fprot (see attached log file). Fprot did not find any infected files. The scan found many damaged files in C:\Program Files\Java\jre1.8.0_20. It also could not open many files (see log).

    I also ran a scan using MBAM and it did not find any malicious items.

    Finally I ran DDS (see attached two logs).

    I have been having an ongoing problem with Firefox. If I have more than one tab open that is playing a video or has video content, I often get a Shockwave error. When this happens, Firefox will lock up for about 60 seconds or so. (Not sure if this is relevant - but would LOVE to have this fixed too).

    I would greatly appreciate any help in cleaning up the PC. Thank you!

    Chip

    *** For future reference, when you ask me to run scans using AV or antimalware software, do I need to run them on all of my PC's internal drives or just on the boot drive? The scans would run much faster if it was the boot drive only.
     


  2. 2015/02/15, PeteC (Staff)
    Mr Chip - please copy and paste the contents of the MBAM and the 2 DDS logs into posts in your thread here. You may need to spread individual logs over one or more posts. Logs via attachments are not acceptable.
     


  4. 2015/02/15, Mr. Chip (Thread Starter)

    MBAM Log

    Thanks for your help PeteC!

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/14/2015
    Scan Time: 10:18:40 AM
    Logfile: MBAM log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.14.04
    Rootkit Database: v2015.02.03.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: chip

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 466332
    Time Elapsed: 9 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  5. 2015/02/15, Mr. Chip (Thread Starter)

    DDS Log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.17229
    Run by chip at 20:57:27 on 2015-02-14
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16331.12978 [GMT -8:00]
    .
    AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
    C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\StrongVPN\StrongService.exe
    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\system\HsMgr64.exe
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Windows\SysWOW64\StrongDial.exe
    C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe
    C:\Users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Users\chip\AppData\Local\Autobahn\nexdef.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\SysWOW64\OBroker.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
    C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe
    C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uProxyOverride = ;192.168.*.*;<local>
    BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
    BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
    uRun: [AdobeBridge] <no file>
    mRun: [Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe "
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe "
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
    mRun: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe "
    StartupFolder: C:\Users\chip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk.disabled
    StartupFolder: C:\Users\chip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\chip\AppData\Local\Autobahn\nexdef.exe
    StartupFolder: C:\Users\chip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoWelcomeScreen = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: Interfaces\{BBC69382-9665-4723-B32B-C162BF7489FF} : NameServer = 192.168.1.33,209.18.47.61
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe "
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
    x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
    x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe "
    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe "
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/|http://www.drudgereport.com/|http:/...GN,AMP,AXP,CSCO,HPQ,ORCL,QCOM,SLV,GLD/view/v1
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\chip\AppData\Local\Citrix\Plugins\94\npappdetector.dll
    FF - plugin: C:\Users\chip\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Users\chip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\chip\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-18 1593632]
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-11-20 132704]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-14 16152]
    R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2012-5-29 25904]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2012-7-18 1263200]
    R1 FPAV_RTP;FPAV_RTP;C:\Windows\System32\drivers\FPAV_RTP.sys [2012-7-17 842144]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-7-21 3246040]
    R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2011-10-6 84136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-14 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-14 161560]
    R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-5-23 93400]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-23 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-23 969016]
    R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-6-27 71280]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-18 16941856]
    R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139400]
    R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-7-27 65657]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-7-21 390632]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-5-23 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-18 409800]
    R2 StrongVPN Service;StrongVPN Service;C:\Program Files (x86)\StrongVPN\StrongService.exe [2013-6-17 96240]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-14 363800]
    R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-17 245760]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-7-21 285280]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
    R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2011-2-17 56160]
    R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-3-9 2725376]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-14 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-14 787736]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-18 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-23 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-23 63704]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-13 95744]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-13 212992]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-18 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-14 677480]
    R3 tapstrong;StrongVPN Adapter;C:\Windows\System32\drivers\tapstrong.sys [2013-6-17 35520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BioNTDrv;BioNTDrv;C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\biontdrv.sys [2013-11-21 19720]
    S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2012-10-17 25704]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-30 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-21 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-30 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-15 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\editplus.exe=EDITPLUS.EXE [UserChoice]
    ShellExec: editplus.exe: open=EDITPLUS.EXE
    ShellExec: editplus.exe: print=EDITPLUS.EXE
    .
    =============== Created Last 30 ================
    .
    2015-02-13 08:34:25 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2015-02-13 08:34:25 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-02-13 08:10:52 -------- d-----w- C:\ProgramData\PokerGenius
    2015-02-13 03:06:49 -------- d-sh--w- C:\Users\chip\AppData\Local\ms-drivers
    2015-02-13 03:06:46 -------- d-sh--w- C:\Users\chip\AppData\Local\icsxml
    2015-02-13 03:06:44 -------- d-----w- C:\Users\chip\AppData\Roaming\PokerGenius
    2015-02-13 03:06:36 -------- d-----w- C:\Program Files (x86)\PokerGenius
    2015-02-12 22:30:34 79872 ----a-w- C:\Windows\SysWow64\gpapi.dll
    2015-02-12 22:30:34 782848 ----a-w- C:\Windows\System32\gpsvc.dll
    2015-02-12 22:30:34 310272 ----a-w- C:\Windows\System32\drivers\rdbss.sys
    2015-02-12 22:30:34 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2015-02-12 22:30:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2015-02-12 22:30:34 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2015-02-12 22:30:34 12800 ----a-w- C:\Windows\System32\drivers\en-US\mup.sys.mui
    2015-02-12 22:30:34 105984 ----a-w- C:\Windows\System32\drivers\dfsc.sys
    2015-02-12 22:30:34 104896 ----a-w- C:\Windows\System32\drivers\mup.sys
    2015-02-12 22:29:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2015-02-12 22:29:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2015-02-12 22:26:00 406528 ----a-w- C:\Windows\System32\scesrv.dll
    2015-02-12 22:26:00 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
    2015-02-12 22:25:25 503808 ----a-w- C:\Windows\System32\srcore.dll
    2015-02-12 22:25:25 50176 ----a-w- C:\Windows\System32\srclient.dll
    2015-02-12 22:25:25 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-02-12 22:25:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-02-12 22:25:24 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-02-12 22:25:24 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-02-12 22:25:24 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-02-12 22:24:31 3201536 ----a-w- C:\Windows\System32\win32k.sys
    2015-01-26 18:04:18 94320 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2015-01-23 19:08:34 -------- dc----w- C:\Users\chip\AppData\Local\MigWiz
    2015-01-16 07:30:49 -------- d-----w- C:\Users\chip\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2015-01-16 07:30:49 -------- d-----w- C:\Users\chip\AppData\Roaming\Adobe Mini Bridge CS5.1
    .
    ==================== Find3M ====================
    .
    2015-02-15 01:14:52 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-06 04:57:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-06 04:57:11 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
    2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
    2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
    2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
    2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
    2015-01-13 06:59:28 2237952 ----a-w- C:\Windows\System32\wininet.dll
    2015-01-13 06:59:17 600576 ----a-w- C:\Windows\System32\vbscript.dll
    2015-01-13 06:57:44 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2015-01-13 06:57:44 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2015-01-13 06:57:03 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-01-13 05:01:46 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-01-13 05:01:39 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-01-13 05:00:32 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-01-13 05:00:32 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2015-01-13 05:00:00 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-01-13 04:42:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-01-13 04:17:12 441856 ----a-w- C:\Windows\System32\html.iec
    2015-01-13 04:10:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-01-13 03:52:08 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2015-01-13 03:43:05 361984 ----a-w- C:\Windows\SysWow64\html.iec
    2015-01-13 03:19:43 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
    2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2014-12-11 17:47:17 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
    2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-20 17:29:09 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2014-11-20 17:29:09 132704 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
    2014-11-19 12:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
    .
    ============= FINISH: 20:57:48.03 ===============
     
  6. 2015/02/15
    Mr. Chip Well-Known Member Thread Starter

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/14/2012 10:45:35 PM
    System Uptime: 2/14/2015 8:52:34 AM (12 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V LK
    Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
    .
    ==== Disk Partitions =========================
    .
    B: is CDROM ()
    C: is FIXED (NTFS) - 238 GiB total, 66.254 GiB free.
    D: is FIXED (NTFS) - 1397 GiB total, 323.004 GiB free.
    E: is FIXED (NTFS) - 1397 GiB total, 163.029 GiB free.
    F: is FIXED (NTFS) - 233 GiB total, 27.495 GiB free.
    G: is NetworkDisk (NTFS) - 35 GiB total, 15.703 GiB free.
    I: is FIXED (NTFS) - 932 GiB total, 292.082 GiB free.
    K: is Removable
    M: is NetworkDisk (NTFS) - 518 GiB total, 16.685 GiB free.
    O: is NetworkDisk (NTFS) - 70 GiB total, 17.114 GiB free.
    P: is NetworkDisk (NTFS) - 3659 GiB total, 796.348 GiB free.
    S: is NetworkDisk (NTFS) - 3659 GiB total, 796.348 GiB free.
    T: is Removable
    U: is Removable
    V: is NetworkDisk (NTFS) - 3659 GiB total, 796.348 GiB free.
    W: is Removable
    X: is NetworkDisk (NTFS) - 3659 GiB total, 796.348 GiB free.
    Y: is Removable
    Z: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP259: 1/14/2015 8:36:30 AM - Windows Update
    RP260: 1/21/2015 4:03:47 PM - Scheduled Checkpoint
    RP261: 1/28/2015 6:12:12 PM - Scheduled Checkpoint
    RP262: 2/5/2015 8:31:42 PM - Scheduled Checkpoint
    RP263: 2/10/2015 10:58:36 AM - Windows Update
    RP264: 2/12/2015 2:23:22 PM - Windows Update
    RP265: 2/13/2015 12:34:13 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    Acronis Disk Director 11 Home
    Acronis True Image Home 2011
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Photoshop CS5.1
    Adobe Photoshop Lightroom 3.6 64-bit
    Adobe Reader XI (11.0.10)
    Adobe Refresh Manager
    Agent Ransack 2010 (64-bit)
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Art Effects for PDR10
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS Xonar DG Audio Driver
    Belarc Advisor 8.4
    Blender
    Bonjour
    CamStudio OSS Desktop Recorder
    CanoScan Toolbox Ver4.9
    CCleaner
    Contour Shuttle
    ConvertHelper 2.2
    CopyRite XP For Windows
    CyberLink PowerDirector 10
    CyberLink PowerDirector 10 Content Pack I
    CyberLink PowerDirector 10 Content Pack II
    CyberLink WaveEditor
    D3DX10
    Data Lifeguard Diagnostic for Windows 1.27
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    Duplicate Cleaner Pro 3.2.5
    DVD Architect Studio 5.0
    EditPlus 3
    EditPlus 3 (64 bit)
    EVGA Precision 2.0.4
    F-PROT Antivirus for Windows x64
    ffdshow v1.2.4486 [2012-08-25]
    File Identifier version 1.0.3
    File Viewer version 1.0.1
    FileZilla Client 3.7.4.1
    Foxtab
    GeForce Experience NvStream Client Components
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 5.4.0.1082
    HandBrake 0.9.9.1
    HP BladeSystem Power Sizing Tool
    HP Power Advisor
    HP Sizing Tool Update Components
    HP Virtual Room Client Launcher Plugin
    iCloud
    IcyScreen 4.14
    ImagesPlus575a x64
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    iTunes
    iWisoft Free Video Converter 1.2
    iZotope Audio Enhancer
    Java 7 Update 51
    Java 7 Update 67 (64-bit)
    Java 8 Update 20 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 13 (64-bit)
    Java SE Development Kit 7 Update 67 (64-bit)
    MakeMKV v1.9.1
    Malwarebytes Anti-Malware version 2.0.4.1028
    MediaInfo 0.7.69
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Mathematics Add-in (32-bit)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Business 2010
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    MKVToolNix 6.9.1 (64bit)
    Motorola Device Manager
    Motorola Device Software Update
    Motorola Mobile Drivers Installation 6.3.0
    Movie Maker
    Movie Studio Platinum 12.0 (64-bit)
    Mozenda
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mp3tag v2.61a
    MSVCRT
    MSVCRT Redists
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    Network Recording Player
    NVIDIA 3D Vision Controller Driver 344.75
    NVIDIA 3D Vision Driver 344.75
    NVIDIA Control Panel 344.75
    NVIDIA GeForce Experience 1.8.2.1
    NVIDIA Graphics Driver 344.75
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 11.10.13
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 11.10.13
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.20
    OpenAL
    Paragon Migrate OS to SSD™ 4.0
    PDF Settings CS5
    Perfect Photo Suite 7.5
    PerformanceTest v8.0
    Photo Common
    Photo Gallery
    Photo Mechanic 4.6
    Photo Mechanic 4.6.9
    Photodex Presenter
    Photomatix Pro version 5.0.4
    PokerGenius
    PowerDirector
    ProShow Gold
    QuickBooks
    QuickBooks Pro 2010
    QuickTime 7
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Samsung Data Migration
    Samsung Magician
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
    Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956097) 32-Bit Edition
    Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956098) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2920788) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2956099) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SHIELD Streaming
    ShredXP
    SmartSound Quicktracks 5
    SnagIt 9
    Sound Forge Audio Studio 10.0
    SPSS 14.0 for Windows
    Spybot - Search & Destroy
    StrongVPN Client version 1.2
    Synology Assistant (remove only)
    TechSmith Screen Capture Codec
    TreeSize Personal V6.1.1
    TurboTax 2012
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wmiiper
    TurboTax 2012 wrapper
    TurboTax 2012 wvaiper
    TurboTax 2013
    TurboTax 2013 WinPerFedFormset
    TurboTax 2013 WinPerReleaseEngine
    TurboTax 2013 WinPerTaxSupport
    TurboTax 2013 wmiiper
    TurboTax 2013 wrapper
    TurboTax 2013 wvaiper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956096) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    Virtual Account Numbers
    VLC media player
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 16.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/14/2015 10:36:47 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    2/11/2015 2:59:35 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    2/11/2015 2:58:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB3001652).
    .
    ==== End Of File ===========================
     
  7. 2015/02/15
    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan ".
    • When the scan is finished and no malware has been found select "Exit ".
    • If malware was detected, make sure to check all the items and click "Cleanup ". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt "
      • "system-log.txt "
    NOTE: If you see the message "This version requires you to completely exit the Anti Malware application", right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  8. 2015/02/15
    Mr. Chip Well-Known Member Thread Starter

    RogueKiller

    Hi Broni - Thanks for helping with this! Here is the RogueKiller Log:

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : chip [Administrator]
    Mode : Delete -- Date : 02/15/2015 11:29:53

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] nexdef.exe(6096) -- C:\Users\chip\AppData\Local\Autobahn\nexdef.exe[-] -> Killed [TermProc]

    ¤¤¤ Registry : 17 ¤¤¤
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BBC69382-9665-4723-B32B-C162BF7489FF} | NameServer : 192.168.1.33,209.18.47.61 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BBC69382-9665-4723-B32B-C162BF7489FF} | NameServer : 192.168.1.33,209.18.47.61 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BBC69382-9665-4723-B32B-C162BF7489FF} | NameServer : 192.168.1.33,209.18.47.61 [UNITED STATES (US)] -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] NexDef Plug-in.lnk -- C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [LNK@] C:\Users\chip\AppData\Local\Autobahn\nexdef.exe -> Deleted

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1001FALS-00Y6A0 +++++
    --- User ---
    [MBR] ec375fad8c3035660257deeb00a4d743
    [BSP] b84ae03ec1a4a3ae9831e210a6691370 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Crucial_CT256MX100SSD1 +++++
    --- User ---
    [MBR] dcbefcfe019776e03801555bb7de5165
    [BSP] 419e2b69b6330295aec1d4a810828a11 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244197 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WDC WD1502FAEX-007BA0 +++++
    --- User ---
    [MBR] 67fde7e00c5b72361366d2e55b0eab23
    [BSP] bc7b1ceebf1b80c552072c971dcbcdf8 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: WDC WD1502FAEX-007BA0 +++++
    --- User ---
    [MBR] 08c515f800f74d8d0ce76062361474e2
    [BSP] bf45850c08f673e459dd74df5f199dbb : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive4: Samsung SSD 840 EVO 250G +++++
    --- User ---
    [MBR] 9056d3b066e8e872be8e8b5793d755f2
    [BSP] 60253e5b88bc17543c4d1917025c6c74 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive5: AFT CF PRO57U SS USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive6: AFT XD PRO57U SS USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive7: AFT SD PRO57U SS USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive8: AFT MS PRO57U SS USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive9: AFT MSD PRO57U SS USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_02152015_111617.log
     
  9. 2015/02/15
    Mr. Chip Well-Known Member Thread Starter

    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.15.05
    rootkit: v2015.02.03.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.17229
    chip :: CHIPPC3 [administrator]

    2/15/2015 11:37:33 AM
    mbar-log-2015-02-15 (11-37-33).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 466864
    Time elapsed: 7 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. 2015/02/15
    Mr. Chip Well-Known Member Thread Starter
    MBAR System-Log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.17229

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
    CPU speed: 3.510000 GHz
    Memory total: 17123954688, free: 12791537664

    Downloaded database version: v2015.02.15.05
    Downloaded database version: v2015.02.03.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/15/2015 11:37:26
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\mv91cons.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\timntr.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\tdrpm273.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\system32\DRIVERS\snapman.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\system32\DRIVERS\fltsrv.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\FPAV_RTP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cmudaxp.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\asmtxhci.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\tapstrong.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\busenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\DRIVERS\iusb3hub.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\nusb3hub.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\asmthub3.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\afcdp.sys
    \SystemRoot\System32\drivers\rdpdr.sys
    \SystemRoot\system32\drivers\tdtcp.sys
    \SystemRoot\System32\DRIVERS\tssecsrv.sys
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.15.05
    rootkit: v2015.02.03.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa800f3af060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d06ce30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800d06bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800d069870, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800f3af060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ce1cc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800ce1f050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800f383790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d064980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800d064b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800f383490, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800f383790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ce1ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800ce1b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14FCB05B

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Drive 1
    This is a System drive
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CE355ED2

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 500115456
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 256060514304 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa800f3b6060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d073980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800d073b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800f3b6e30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800f3b6060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ce18480, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800ce23050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1BDF6405

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 2930065408

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1500301910016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa800f3b7060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d078980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800d078b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800f3b7c20, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800f3b7060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ce1c7e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800ce27050, DeviceName: \Device\Ide\IAAStorageDevice-4\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5D0730C9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 2930272256

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1500301910016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xfffffa800f3b8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d07fd30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800d07eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800f3b8e30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800f3b8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ce1c5e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800ce2b050, DeviceName: \Device\Ide\IAAStorageDevice-5\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C39C79DD

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 488392704

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xfffffa800fc3c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80122e2620, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa80122e0380, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80117f8900, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa800fc3c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80122dd350, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 6, DevicePointer: 0xfffffa80116c5790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80122fb420, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa80122e7380, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80122e4410, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa80116c5790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80122cb350, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 7, DevicePointer: 0xfffffa8012226790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8012303620, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa8012302380, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80122fe620, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa8012226790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80122df350, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 8, DevicePointer: 0xfffffa801165f790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8012307310, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa8012309380, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa801165f560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa801165f790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80122cd350, DeviceName: \Device\0000009d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 9, DevicePointer: 0xfffffa8012b0f060, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8011667c70, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa8012320380, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80116cbc10, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
    DevicePointer: 0xfffffa8012b0f060, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80122cc350, DeviceName: \Device\0000009e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
    Removal finished
     
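    The MBAR system log above reports, for each physical drive, the MBR boot signature, the four partition-table slots (type, active flag, start LBA, sector count) and the disk size. As an added example, not part of this thread or of Malwarebytes' tooling, the Python below parses that block format and runs the consistency checks a responder would otherwise do by hand: boot signature 55AA, every non-empty partition lying inside the disk, no overlapping partitions, at most one active partition, and how many sectors remain past the last partition. The sample input is the Drive 1 block from the log with indentation and blank lines removed; the class and function names are my own.

```python
"""Consistency checks over an MBAR "Scanning MBR on drive N" block.
Added example, not Malwarebytes code; it only parses the log format shown above."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input: the "Drive 1" block from the MBAR system log posted above
# (log indentation and blank lines removed; the parser does not depend on either).
SAMPLE_DRIVE_1 = """\
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CE355ED2
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 500115456
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 256060514304 bytes
Sector size: 512 bytes
"""

@dataclass
class Partition:
    index: int
    type_code: int    # MBR type byte: 0x7 = NTFS/exFAT, 0x0 = unused slot
    active: bool      # boot-indicator flag
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:  # exclusive end: first sector after the partition
        return self.start_lba + self.num_sectors

@dataclass
class MbrReport:
    drive: int
    mbr_signature: str
    disk_signature: str
    disk_size: int
    sector_size: int
    partitions: list[Partition] = field(default_factory=list)

# One partition slot: three consecutive lines, exactly as MBAR prints them.
_PART_RE = re.compile(
    r"Partition (\d) type is \w+ \((0x[0-9A-Fa-f]+)\)\n"
    r"Partition is (ACTIVE|NOT ACTIVE)\.\n"
    r"Partition starts at LBA: (\d+) Numsec = (\d+)")

def parse_mbr_block(text: str) -> MbrReport:
    """Parse one 'Drive N' ... 'Sector size' block of the MBAR system log."""
    text = "\n".join(line.strip() for line in text.splitlines())  # drop log indentation
    def grab(pattern: str) -> str:
        m = re.search(pattern, text, re.MULTILINE)
        if m is None:
            raise ValueError(f"field not found in MBR block: {pattern}")
        return m.group(1)
    report = MbrReport(int(grab(r"^Drive (\d+)$")), grab(r"^MBR Signature: (\w{4})$"),
                       grab(r"^Disk Signature: (\w{8})$"), int(grab(r"^Disk Size: (\d+) bytes$")),
                       int(grab(r"^Sector size: (\d+) bytes$")))
    for m in _PART_RE.finditer(text):
        report.partitions.append(Partition(int(m.group(1)), int(m.group(2), 16),
                                           m.group(3) == "ACTIVE", int(m.group(4)), int(m.group(5))))
    return report

def check_mbr(report: MbrReport) -> list[str]:
    """Return findings; an empty list means the partition table is self-consistent."""
    findings: list[str] = []
    total = report.disk_size // report.sector_size  # number of addressable sectors
    if report.mbr_signature.upper() != "55AA":
        findings.append(f"drive {report.drive}: boot signature {report.mbr_signature}, expected 55AA")
    used = sorted((p for p in report.partitions if p.num_sectors), key=lambda p: p.start_lba)
    for p in used:
        if p.end_lba > total:
            findings.append(f"drive {report.drive}: partition {p.index} ends at LBA {p.end_lba}, past last sector {total - 1}")
    for a, b in zip(used, used[1:]):  # sorted by start, so only neighbours can overlap
        if b.start_lba < a.end_lba:
            findings.append(f"drive {report.drive}: partitions {a.index} and {b.index} overlap")
    active = [p.index for p in report.partitions if p.active]
    if len(active) > 1:
        findings.append(f"drive {report.drive}: more than one active partition: {active}")
    return findings

def trailing_unallocated_sectors(report: MbrReport) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    last_end = max((p.end_lba for p in report.partitions if p.num_sectors), default=0)
    return report.disk_size // report.sector_size - last_end
```

    For the Drive 1 block the checks come back empty and 688 sectors remain after the end of the NTFS partition (500118192 addressable sectors minus an exclusive end LBA of 500117504); the other drive blocks in the log, including drive 0 whose partition starts at LBA 63, parse the same way.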
  11. 2015/02/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. 2015/02/15
    Mr. Chip Well-Known Member Thread Starter
    ComboFix.txt

    ComboFix 15-02-16.01 - chip 02/15/2015 18:20:45.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16331.13191 [GMT -8:00]
    Running from: c:\users\chip\Desktop\ComboFix.exe
    AV: F-PROT Antivirus for Windows *Disabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-16 to 2015-02-16 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-15 19:08 . 2015-02-15 19:08 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-15 19:08 . 2015-02-15 19:08 -------- d-----w- c:\programdata\RogueKiller
    2015-02-13 08:34 . 2015-01-23 05:50 3959296 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-13 08:34 . 2015-01-23 04:27 2864640 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-02-13 08:10 . 2015-02-13 08:10 -------- d-----w- c:\programdata\PokerGenius
    2015-02-13 03:06 . 2015-02-13 03:06 -------- d-sh--w- c:\users\chip\AppData\Local\ms-drivers
    2015-02-13 03:06 . 2015-02-13 03:06 -------- d-sh--w- c:\users\chip\AppData\Local\icsxml
    2015-02-13 03:06 . 2015-02-13 03:06 -------- d-----w- c:\users\chip\AppData\Roaming\PokerGenius
    2015-02-13 03:06 . 2015-02-13 03:06 -------- d-----w- c:\program files (x86)\PokerGenius
    2015-02-12 22:30 . 2015-01-07 03:15 104896 ----a-w- c:\windows\system32\drivers\mup.sys
    2015-02-12 22:30 . 2015-01-07 03:10 782848 ----a-w- c:\windows\system32\gpsvc.dll
    2015-02-12 22:30 . 2015-01-07 03:04 12800 ----a-w- c:\windows\system32\drivers\en-US\mup.sys.mui
    2015-02-12 22:30 . 2015-01-07 02:44 79872 ----a-w- c:\windows\SysWow64\gpapi.dll
    2015-02-12 22:30 . 2015-01-07 01:49 310272 ----a-w- c:\windows\system32\drivers\rdbss.sys
    2015-02-12 22:30 . 2015-01-07 01:49 159232 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2015-02-12 22:30 . 2015-01-07 01:48 290816 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2015-02-12 22:30 . 2015-01-07 01:48 129024 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2015-02-12 22:30 . 2015-01-07 01:48 105984 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2015-02-12 22:29 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-12 22:29 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2015-02-12 22:26 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-12 22:26 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
    2015-02-12 22:25 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-02-12 22:25 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-02-12 22:25 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-02-12 22:25 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2015-02-12 22:25 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-02-12 22:25 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2015-02-12 22:25 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2015-02-12 22:24 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
    2015-01-23 19:08 . 2015-01-23 19:46 -------- dc----w- c:\users\chip\AppData\Local\MigWiz
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-16 02:24 . 2014-11-19 08:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E935DE76-E8EB-473F-B69F-17219FEEB33B}\offreg.dll
    2015-02-16 02:15 . 2014-06-23 17:54 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-06 04:57 . 2012-07-21 18:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-06 04:57 . 2012-07-21 18:41 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-19 03:06 . 2015-01-14 16:37 210432 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-19 01:46 . 2015-01-14 16:37 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-11 17:47 . 2015-01-14 16:37 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-12-06 04:17 . 2015-01-14 16:37 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2014-12-06 03:50 . 2015-01-14 16:37 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2014-12-06 03:50 . 2015-01-14 16:37 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2014-11-21 14:14 . 2014-06-23 17:54 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 14:14 . 2014-05-24 04:58 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-21 14:14 . 2012-07-18 08:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-20 17:29 . 2014-11-20 17:29 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2014-11-20 17:29 . 2012-07-18 16:43 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
    2014-11-19 12:31 . 2014-11-19 12:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StrongVPN Client "= "c:\windows\SysWOW64\StrongDial.exe" [2013-12-26 1581552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Virtual Account Numbers "= "c:\progra~2\VIRTUA~1\CitiVAN.exe" [2013-10-09 435712]
    "USB3MON "= "c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
    "SwitchBoard "= "c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SAOB Monitor "= "c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
    "RUSB3MON "= "c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
    "NUSB3MON "= "c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "IAStorIcon "= "c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "F-PROT Antivirus Tray application "= "c:\program files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
    "Contour Shuttle Device Helper "= "c:\program files (x86)\Contour Shuttle\ShuttleHelper.exe" [2011-02-14 118784]
    "APSDaemon "= "c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "Adobe Acrobat Speed Launcher "= "c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-12-03 41360]
    "Acrobat Assistant 8.0 "= "c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-12-03 840592]
    .
    c:\users\Chip2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-10 42555824]
    Mozenda.lnk.disabled [2014-5-9 2124]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-2-1 1155912]
    SnagIt 9.lnk - c:\program files (x86)\TechSmith\SnagIt 9\SnagIt32.exe [2008-9-16 6825288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "EnableLinkedConnections "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs "=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Intuit SyncManager "=c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe "
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "TrueImageMonitor.exe "= "c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe "
    .
    2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R3 BioNTDrv;BioNTDrv;c:\program files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS;c:\program files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [x]
    R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 FPAVServer;F-PROT Antivirus for Windows system;c:\program files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe;c:\program files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
    S1 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FPAV_RTP.sys;c:\windows\SYSNATIVE\DRIVERS\FPAV_RTP.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x]
    S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 StrongVPN Service;StrongVPN Service;c:\program files (x86)\StrongVPN\StrongService.exe;c:\program files (x86)\StrongVPN\StrongService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
    S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 tapstrong;StrongVPN Adapter;c:\windows\system32\DRIVERS\tapstrong.sys;c:\windows\SYSNATIVE\DRIVERS\tapstrong.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-07 00:04 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 04:57]
    .
    2015-02-15 c:\windows\Tasks\F-PROT Antivirus - Chips Desktop.job
    - c:\program files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe [2010-11-03 23:40]
    .
    2015-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 07:54]
    .
    2015-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 07:54]
    .
    2015-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141Core.job
    - c:\users\chip\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-09 00:47]
    .
    2015-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141UA.job
    - c:\users\chip\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-09 00:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShadowPlay "= "c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
    "RTHDVCPL "= "c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
    "NvBackend "= "c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
    "Logitech Download Assistant "= "c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "Cmaudio8788GX64 "= "c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    "Cmaudio8788GX "= "c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cmaudio8788 "= "c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
    "AdobeAAMUpdater-1.0 "= "c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
    "Acronis Scheduler2 Service "= "c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = ;192.168.*.*;<local>
    TCP: Interfaces\{BBC69382-9665-4723-B32B-C162BF7489FF}: NameServer = 192.168.1.33,209.18.47.61
    FF - ProfilePath - c:\users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/|http://www.drudgereport.com/|http:/...GN,AMP,AXP,CSCO,HPQ,ORCL,QCOM,SLV,GLD/view/v1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\chip\AppData\Local\Akamai\netsession_win.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-foxtab - c:\program files (x86)\Foxtab\1.8.12.0\uninstall.exe
    AddRemove-MKVToolNix - c:\users\chip\Desktop\MKVExtractGUI-1.6.4.1\MKVToolNix\uninst.exe
    .
    .
    "ImagePath "= "\ "c:\program files\CyberLink\Shared files\RichVideo64.exe\ "\00Z
    [\]^_‘\00\00‘\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~‘\00\00‘\00\00\00\00‘\00\00\00\00\00\00\00\00‘’“ "
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.16 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue "=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-02-15 18:28:38
    ComboFix-quarantined-files.txt 2015-02-16 02:28
    .
    Pre-Run: 72,590,749,696 bytes free
    Post-Run: 71,995,072,512 bytes free
    .
    - - End Of File - - 2F9EAC4AE8DF43BF62BACFC2FFFF8C8A
     
  13. 2015/02/15
    broni Moderator Malware Analyst
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  14. 2015/02/15
    Mr. Chip Well-Known Member Thread Starter
    Update

    Hi Broni
    Thanks again for your help. I need to run out for 2 hours but will run the next steps as soon as I return. Not sure if you will be online later tonight. If not, I will check in tomorrow.
    Chip
     
  15. 2015/02/16
    Mr. Chip Well-Known Member Thread Starter
    AdwCleaner v4.110 - Logfile

    # AdwCleaner v4.110 - Logfile created 15/02/2015 at 21:56:30
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : chip - CHIPPC3
    # Running from : C:\Users\chip\Desktop\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*;<local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.17229


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v40.0.2214.111

    [C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1200 bytes] - [15/02/2015 21:53:33]
    AdwCleaner[S0].txt - [1133 bytes] - [15/02/2015 21:56:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1192 bytes] ##########
     
  16. 2015/02/16
    Mr. Chip Well-Known Member Thread Starter
    Junkware Removal Tool

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by chip on Sun 02/15/2015 at 22:03:04.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\chip\AppData\Roaming\mozilla\firefox\profiles\47ny3ey0.default-1399158311152\minidumps [151 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/15/2015 at 22:06:00.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. 2015/02/16
    Mr. Chip Well-Known Member Thread Starter
    FRST.txt part 1

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
    Ran by chip (administrator) on CHIPPC3 on 15-02-2015 22:08:45
    Running from C:\Users\chip\Desktop
    Loaded Profiles: chip (Available profiles: Chip2012 & chip)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (FRISK Software International) C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    () C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
    (Contour Design, Inc.) C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
    (Black Oak Computers, Inc.) C:\Program Files (x86)\StrongVPN\StrongService.exe
    () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    () C:\Windows\system\HsMgr64.exe
    () C:\Windows\SysWOW64\HsMgr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongDial.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe
    (CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
    (Dropbox, Inc.) C:\Users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    (Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Contour Design, Inc.) C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\TscHelp.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItEditor.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-10] ()
    HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390720 2011-02-01] (Acronis)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2013-10-09] (Orbiscom Ltd. All rights reserved.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
    HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [F-PROT Antivirus Tray application] => C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [1674016 2010-11-03] (FRISK Software International)
    HKLM-x32\...\Run: [Contour Shuttle Device Helper] => C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [118784 2011-02-14] (Contour Design, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
    HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
    HKU\S-1-5-21-3430250972-207886777-1795493786-1141\...\Run: [StrongVPN Client] => C:\Windows\SysWOW64\StrongDial.exe [1581552 2013-12-26] (Black Oak Computers, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk
    ShortcutTarget: SnagIt 9.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
    Startup: C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozenda.lnk.disabled
    ShortcutTarget: Mozenda.lnk.disabled -> C:\Users\chip\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe (Mozenda, Inc.)
    Startup: C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Chip2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
    BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{BBC69382-9665-4723-B32B-C162BF7489FF}: [NameServer] 192.168.1.33,209.18.47.61

    FireFox:
    ========
    FF ProfilePath: C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152
    FF DefaultSearchEngine.US: Google
    FF SearchEngineOrder.2: Google
    FF SearchEngineOrder.US.1: Google
    FF Homepage: https://www.google.com/|hxxp://www....GN,AMP,AXP,CSCO,HPQ,ORCL,QCOM,SLV,GLD/view/v1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll No File
    FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3430250972-207886777-1795493786-1141: @citrixonline.com/appdetectorplugin -> C:\Users\chip\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3430250972-207886777-1795493786-1141: @talk.google.com/GoogleTalkPlugin -> C:\Users\chip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3430250972-207886777-1795493786-1141: @talk.google.com/O1DPlugin -> C:\Users\chip\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3430250972-207886777-1795493786-1141: @tools.google.com/Google Update;version=3 -> C:\Users\chip\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3430250972-207886777-1795493786-1141: @tools.google.com/Google Update;version=9 -> C:\Users\chip\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\chip\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\chip\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: DownloadHelper - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
    FF Extension: Domain Hammer SEO Analysis - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\contact@domainhammer.com.xpi [2014-06-17]
    FF Extension: Exif Viewer - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-06-23]
    FF Extension: ImageBlock - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\imageblock@hemantvats.com.xpi [2014-08-15]
    FF Extension: Youtube Downloader - Media Downloader - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\paulsaintuzb@gmail.com.xpi [2014-05-08]
    FF Extension: Search Site - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\searchsite@DW-dev.xpi [2014-05-07]
    FF Extension: SEOProfesional - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\seo@profesional.xpi [2014-09-21]
    FF Extension: StopTube - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\stoptube@kashiif.com.xpi [2014-10-10]
    FF Extension: The Addon Bar (restored) - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-06-17]
    FF Extension: TinEye Reverse Image Search - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\tineye@ideeinc.com.xpi [2014-05-07]
    FF Extension: 1-Click YouTube Video Downloader - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-06-27]
    FF Extension: Googlebar Lite - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2014-06-17]
    FF Extension: Search by Image for Google - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2014-05-07]
    FF Extension: Theme Font & Size Changer - C:\Users\chip\AppData\Roaming\Mozilla\Firefox\Profiles\47ny3ey0.default-1399158311152\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-08-13]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-21]
    FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
    FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2013-04-26]
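    Editor's added example (not part of this thread, and not FRST's own code): when reading an FRST.txt like the one above, the lines worth a second look are the ones FRST cannot attribute, namely a company field printed as "()" (no version-info publisher), a "[File not signed]" tag (FRST's own Authenticode check failed), "No File" (a dead entry pointing at a missing binary), a Run value with no target ("=> [X]"), and anything launched from a user-writable location such as AppData, ProgramData or Temp. The script below applies exactly those checks to the Processes, Registry and Services sections; the embedded sample is a constructed subset of lines copied from the log above, and the section/flag names are this example's own, not FRST terminology.

```python
"""Triage the autorun-style sections of an FRST log for entries worth a second look."""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the FRST.txt posted in this
# thread, so the script runs offline. Point it at a real FRST.txt to triage that.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Windows\system\HsMgr64.exe
(Dropbox, Inc.) C:\Users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
==================== Services (Whitelisted) =================
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-17] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
"""

PUB = r"[^()]*(?:\([^()]*\)[^()]*)*"  # company string; tolerates one nested "(R)"
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) \(Whitelisted\) =+$")
LEAD_PUB_RE = re.compile(r"^\((?P<pub>" + PUB + r")\)\s+(?=[A-Za-z]:\\)")
TRAIL_PUB_RE = re.compile(r"\s\((?P<pub>" + PUB + r")\)(?P<unsigned>\s\[File not signed\])?$")
SIZE_DATE_RE = re.compile(r"\s\[\d+ \d{4}-\d{2}-\d{2}\]$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    raw: str
    path: Optional[str]
    publisher: Optional[str]  # None: no company field on the line; "": FRST printed "()"
    flags: List[str] = field(default_factory=list)


def parse_entry(section: str, line: str) -> Entry:
    work = line
    no_file = work.endswith(" No File")
    if no_file:
        work = work[: -len(" No File")]
    publisher, unsigned = None, False
    m = LEAD_PUB_RE.match(work)          # Processes section: "(Company) C:\path"
    if m:
        publisher = m.group("pub")
        work = work[m.end():]
    else:
        m = TRAIL_PUB_RE.search(work)    # Registry/Services: "... [size date] (Company) [File not signed]"
        if m:
            publisher = m.group("pub")
            unsigned = m.group("unsigned") is not None
            work = work[: m.start()]
    work = SIZE_DATE_RE.sub("", work)
    pm = PATH_RE.search(work)
    entry = Entry(section, line, pm.group(0).strip() if pm else None, publisher)
    if work.rstrip().endswith("=> [X]"):
        entry.flags.append("orphan")              # Run value left behind with no target
    if no_file:
        entry.flags.append("no-file")             # entry points at a file that is gone
    if publisher == "":
        entry.flags.append("no-publisher")        # no company in version info: verify by hash/signature
    if unsigned:
        entry.flags.append("unsigned")            # FRST's own Authenticode check failed
    if entry.path and USER_WRITABLE_RE.search(entry.path):
        entry.flags.append("user-writable-path")  # autorun from AppData/ProgramData/Temp
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that raised at least one flag, in log order."""
    section, flagged = None, []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("(If "):   # blank line or FRST's fixlist note
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("name")
            continue
        if section is None:
            continue                               # header block before the first section
        entry = parse_entry(section, line)
        if entry.flags:
            flagged.append(entry)
    return flagged


def report(findings: List[Entry]) -> str:
    return "\n".join(f"[{', '.join(e.flags)}] {e.section}: {e.path or e.raw}" for e in findings)


if __name__ == "__main__":
    # Usage: python frst_triage.py FRST.txt   (no argument: runs on the embedded sample)
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(triage(text)))
```

    The flags are triage hints, not verdicts. On the sample, the C-Media audio helpers (HsMgr64.exe) and CyberLink's RichVideo64.exe are flagged only because their vendors shipped no version-info company string, and Dropbox is flagged because it legitimately runs from AppData; the right next step for a flagged binary is to check its signature and hash (sigcheck, or a VirusTotal hash lookup) before anything goes into a fixlist, not to delete it.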
     
  18. 2015/02/16
    Mr. Chip (Thread Starter)

    FRST.txt Part 2

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
    CHR Plugin: (HP Virtual Room Client Launcher Plugin) - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Users\chip\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Profile: C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-08]
    CHR Extension: (Google Drive) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08]
    CHR Extension: (YouTube) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-08]
    CHR Extension: (Google Search) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-08]
    CHR Extension: (Google Wallet) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
    CHR Extension: (Gmail) - C:\Users\chip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-08]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 FPAVServer; C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [84136 2011-10-06] (FRISK Software International)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
    R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2012-10-12] ()
    R2 ShuttleEngine; C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe [86016 2011-02-14] (Contour Design, Inc.) [File not signed]
    R2 StrongVPN Service; C:\Program Files (x86)\StrongVPN\StrongService.exe [96240 2014-04-29] (Black Oak Computers, Inc.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-17] () [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
    S3 BioNTDrv; C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [19720 2013-11-21] (Paragon Software Group)
    R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
    R1 FPAV_RTP; C:\Windows\System32\DRIVERS\FPAV_RTP.sys [842144 2011-11-11] (FRISK Software International)
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
    R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2013-10-07] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-15] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 motandroidusb; System32\Drivers\motoandroid.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 22:08 - 2015-02-15 22:09 - 00035250 _____ () C:\Users\chip\Desktop\FRST.txt
    2015-02-15 22:08 - 2015-02-15 22:08 - 02085888 _____ (Farbar) C:\Users\chip\Desktop\FRST64.exe
    2015-02-15 22:08 - 2015-02-15 22:08 - 00000000 ____D () C:\FRST
    2015-02-15 22:06 - 2015-02-15 22:06 - 00000778 _____ () C:\Users\chip\Desktop\JRT.txt
    2015-02-15 22:02 - 2015-02-15 22:02 - 01388274 _____ (Thisisu) C:\Users\chip\Desktop\JRT.exe
    2015-02-15 21:53 - 2015-02-15 21:56 - 00000000 ____D () C:\AdwCleaner
    2015-02-15 21:52 - 2015-02-15 21:52 - 02112512 _____ () C:\Users\chip\Desktop\adwcleaner_4.110.exe
    2015-02-15 18:28 - 2015-02-15 18:28 - 00028639 _____ () C:\ComboFix.txt
    2015-02-15 18:19 - 2015-02-15 18:28 - 00000000 ____D () C:\Qoobox
    2015-02-15 18:19 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-15 18:19 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-15 18:19 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-15 18:19 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-15 18:19 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-15 18:19 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-15 18:19 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-15 18:19 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-15 12:48 - 2015-02-15 18:18 - 05611903 ____R (Swearware) C:\Users\chip\Desktop\ComboFix.exe
    2015-02-15 11:36 - 2015-02-15 11:47 - 00000000 ____D () C:\Users\chip\Desktop\mbar
    2015-02-15 11:35 - 2015-02-15 11:35 - 16466552 _____ (Malwarebytes Corp.) C:\Users\chip\Desktop\mbar-1.08.3.1004.exe
    2015-02-15 11:08 - 2015-02-15 11:08 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-15 11:08 - 2015-02-15 11:08 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-15 11:06 - 2015-02-15 11:07 - 15431256 _____ () C:\Users\chip\Desktop\RogueKiller.exe
    2015-02-14 20:59 - 2015-02-14 20:59 - 00016432 _____ () C:\Users\chip\Desktop\Attach (2).txt
    2015-02-14 20:58 - 2015-02-14 20:58 - 00029445 _____ () C:\Users\chip\Desktop\DDS (2).txt
    2015-02-14 20:57 - 2015-02-14 20:57 - 00029445 _____ () C:\Users\chip\Desktop\dds.txt
    2015-02-14 20:57 - 2015-02-14 20:57 - 00016432 _____ () C:\Users\chip\Desktop\attach.txt
    2015-02-14 20:52 - 2015-02-14 21:37 - 00105935 _____ () C:\Users\chip\Desktop\Fprot 2015-02-14.txt
    2015-02-14 10:34 - 2015-02-14 10:34 - 00688992 ____R (Swearware) C:\Users\chip\Desktop\dds.com
    2015-02-14 10:34 - 2015-02-14 10:34 - 00000228 _____ () C:\Users\chip\Desktop\MBAM protection message.txt
    2015-02-14 10:33 - 2015-02-14 10:33 - 00004315 _____ () C:\Users\chip\Desktop\MBAM history.txt
    2015-02-14 10:23 - 2015-02-15 11:50 - 00000000 ____D () C:\Users\chip\Desktop\rtbfy clean thread
    2015-02-13 00:34 - 2015-01-22 21:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-13 00:34 - 2015-01-22 20:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-13 00:10 - 2015-02-13 00:10 - 00000000 ____D () C:\ProgramData\PokerGenius
    2015-02-12 22:55 - 2015-02-12 22:55 - 00451373 _____ () C:\Users\chip\Documents\histories.txt
    2015-02-12 19:06 - 2015-02-12 19:06 - 00001049 _____ () C:\Users\Chip2012\Desktop\PokerGenius.lnk
    2015-02-12 19:06 - 2015-02-12 19:06 - 00001049 _____ () C:\Users\chip\Desktop\PokerGenius.lnk
    2015-02-12 19:06 - 2015-02-12 19:06 - 00000038 ___SH () C:\Users\chip\AppData\Local\32cd2b0451e261ee292289.21073168
    2015-02-12 19:06 - 2015-02-12 19:06 - 00000000 __SHD () C:\Users\chip\AppData\Local\icsxml
    2015-02-12 19:06 - 2015-02-12 19:06 - 00000000 ____D () C:\Users\chip\AppData\Roaming\PokerGenius
    2015-02-12 19:06 - 2015-02-12 19:06 - 00000000 ____D () C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerGenius
    2015-02-12 19:06 - 2015-02-12 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerGenius
    2015-02-12 19:06 - 2015-02-12 19:06 - 00000000 ____D () C:\Program Files (x86)\PokerGenius
    2015-02-12 17:45 - 2015-02-12 17:46 - 91494791 _____ (Virtual Promotions LLC) C:\Users\chip\Desktop\PokerGenius.exe
    2015-02-12 14:30 - 2015-01-06 19:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
    2015-02-12 14:30 - 2015-01-06 19:10 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2015-02-12 14:30 - 2015-01-06 18:44 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
    2015-02-12 14:30 - 2015-01-06 17:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
    2015-02-12 14:30 - 2015-01-06 17:49 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-02-12 14:30 - 2015-01-06 17:48 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-02-12 14:30 - 2015-01-06 17:48 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-02-12 14:30 - 2015-01-06 17:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2015-02-12 14:29 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-12 14:29 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-12 14:28 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-12 14:28 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-12 14:28 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-12 14:28 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-12 14:28 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-12 14:28 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-12 14:28 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-12 14:28 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-12 14:28 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-12 14:28 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-12 14:28 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-12 14:28 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-12 14:28 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-12 14:28 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-12 14:28 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-12 14:28 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-12 14:28 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-12 14:28 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-12 14:26 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-12 14:26 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-12 14:25 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-12 14:25 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-12 14:25 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-12 14:25 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-12 14:25 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-12 14:25 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-12 14:25 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-12 14:24 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-12 14:23 - 2015-01-12 22:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-12 14:23 - 2015-01-12 22:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-12 14:23 - 2015-01-12 22:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-12 14:23 - 2015-01-12 22:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-12 14:23 - 2015-01-12 22:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-12 14:23 - 2015-01-12 22:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-12 14:23 - 2015-01-12 22:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-12 14:23 - 2015-01-12 22:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-12 14:23 - 2015-01-12 22:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-12 14:23 - 2015-01-12 22:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-12 14:23 - 2015-01-12 21:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-12 14:23 - 2015-01-12 21:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-12 14:23 - 2015-01-12 21:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-12 14:23 - 2015-01-12 21:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-12 14:23 - 2015-01-12 21:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-12 14:23 - 2015-01-12 20:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-12 14:23 - 2015-01-12 20:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-12 14:23 - 2015-01-12 20:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-12 14:23 - 2015-01-12 19:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2015-02-12 14:23 - 2015-01-12 19:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-02-12 14:23 - 2015-01-12 19:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2015-02-04 17:53 - 2015-02-04 17:53 - 1375731712 _____ () C:\Users\chip\Desktop\Spider-Man_(2002)_t00.mkv
    2015-02-04 14:30 - 2015-02-04 14:31 - 00000000 ____D () C:\Users\chip\Desktop\Master Poker Demo
    2015-02-04 14:26 - 2015-02-04 14:26 - 00000000 ____D () C:\Users\chip\Desktop\Support
    2015-02-04 09:28 - 2015-02-04 09:28 - 00000068 _____ () C:\Users\chip\Desktop\MakeMKV key.txt
    2015-02-02 11:47 - 2015-02-02 11:47 - 00378553 _____ () C:\Users\chip\Desktop\WD_SES_Driver_Setup_x64.zip
    2015-02-01 19:21 - 2015-02-01 19:21 - 00000997 _____ () C:\Users\chip\Desktop\MakeMKV.lnk
    2015-02-01 19:21 - 2015-02-01 19:21 - 00000000 ____D () C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
    2015-02-01 19:18 - 2015-02-01 19:19 - 06449418 _____ (GuinpinSoft inc) C:\Users\chip\Desktop\Setup_MakeMKV_v1.9.1.exe
    2015-02-01 12:18 - 2015-02-01 12:18 - 00960632 _____ () C:\Users\chip\Downloads\Utility v2.24 DLL 2.39 for Stand Alone RDX.zip
    2015-02-01 12:12 - 2015-02-01 12:12 - 00042002 _____ () C:\Users\chip\Downloads\RDX2E__STD__F-0227.zip
    2015-02-01 09:59 - 2015-02-01 10:01 - 00000000 ____D () C:\Users\chip\Desktop\Inateck USB 3 Card
    2015-02-01 07:59 - 2015-02-01 07:59 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2015-01-30 22:56 - 2015-01-30 22:56 - 00000025 _____ () C:\Users\chip\Desktop\expertlaw.txt
    2015-01-30 08:53 - 2015-01-30 08:53 - 00000502 _____ () C:\Users\chip\Desktop\Shopping List.txt
    2015-01-28 09:34 - 2015-01-28 08:19 - 00000986 _____ () C:\Users\chip\Desktop\LANspeed Test Results.txt.bak
    2015-01-28 08:19 - 2015-01-28 09:34 - 00001683 _____ () C:\Users\chip\Desktop\LANspeed Test Results.txt
    2015-01-28 00:26 - 2015-01-28 00:26 - 00089373 _____ () C:\Users\chip\Downloads\c01736670
    2015-01-27 23:53 - 2015-01-27 23:53 - 04286444 _____ () C:\Users\chip\Downloads\RDX_Utility_Rev1_55.zip
    2015-01-27 23:47 - 2015-01-27 23:51 - 207617784 _____ () C:\Users\chip\Downloads\PowerChute Business 911 Setup.exe
    2015-01-27 20:41 - 2015-01-27 20:46 - 00002356 _____ () C:\Users\chip\Desktop\Inateck card I ordered for T110.txt
    2015-01-27 20:41 - 2015-01-27 20:41 - 00001118 _____ () C:\Users\chip\Desktop\Inateck card I ordered for T110.txt.bak
    2015-01-27 20:27 - 2015-01-27 20:28 - 06649096 _____ (Fresco Logic) C:\Users\chip\Downloads\FLUSB3.0-3.6.4.0.exe
    2015-01-26 10:04 - 2015-01-26 10:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-25 11:32 - 2015-01-25 11:33 - 36979200 _____ () C:\Users\chip\Downloads\fpav-windows-x64-hc-en.msi
    2015-01-25 11:03 - 2015-01-25 11:03 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus 3.lnk
    2015-01-25 11:03 - 2015-01-25 11:03 - 00001089 _____ () C:\Users\chip\Desktop\EditPlus 3.lnk
    2015-01-25 11:02 - 2015-01-25 11:02 - 02284728 _____ () C:\Users\chip\Downloads\epp370_64bit.exe
    2015-01-25 11:02 - 2015-01-25 11:02 - 02284728 _____ () C:\Users\chip\Desktop\epp370_64bit.exe
    2015-01-23 11:09 - 2015-01-23 11:09 - 00000753 _____ () C:\Windows\comsetup.log
    2015-01-23 11:08 - 2015-01-23 11:46 - 00000000 ___DC () C:\Users\chip\AppData\Local\MigWiz
    2015-01-23 11:06 - 2015-01-23 11:06 - 00008187 _____ () C:\Users\chip\Downloads\_cfg.txt
    2015-01-22 20:11 - 2015-01-22 20:11 - 00126024 _____ (Totusoft) C:\Users\chip\Desktop\LAN_SpeedTest.exe
    2015-01-19 18:50 - 2015-01-19 18:50 - 22130810 _____ () C:\Users\chip\Downloads\Krists_Fire_Set_4.zip
    2015-01-17 18:15 - 2015-01-30 08:38 - 00400708 _____ () C:\Users\chip\Documents\Stan and Tamar Floor Plan.pptx

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 22:09 - 2012-10-15 23:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-15 22:09 - 2012-07-18 00:11 - 00000000 ____D () C:\Users\chip\AppData\Roaming\EditPlus 3
    2015-02-15 22:06 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-15 22:06 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-15 22:05 - 2014-10-08 19:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141UA.job
    2015-02-15 22:02 - 2009-07-13 21:13 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-15 22:00 - 2014-06-23 09:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-15 22:00 - 2013-12-19 20:07 - 00000000 ___RD () C:\Users\chip\Dropbox
    2015-02-15 22:00 - 2013-12-19 20:04 - 00000000 ____D () C:\Users\chip\AppData\Roaming\Dropbox
    2015-02-15 22:00 - 2013-06-17 19:42 - 00000000 ____D () C:\Users\chip\AppData\Roaming\.strongvpn
    2015-02-15 22:00 - 2012-10-15 23:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-15 22:00 - 2012-09-20 10:03 - 00000000 ____D () C:\temp
    2015-02-15 21:57 - 2014-11-13 15:03 - 00035366 _____ () C:\Windows\setupact.log
    2015-02-15 21:57 - 2012-07-17 23:11 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-02-15 21:57 - 2012-07-14 23:55 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-15 21:57 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-15 21:56 - 2012-07-15 12:43 - 01907680 _____ () C:\Windows\WindowsUpdate.log
    2015-02-15 20:57 - 2012-07-21 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-15 18:34 - 2014-12-09 11:07 - 00017958 _____ () C:\Windows\PFRO.log
    2015-02-15 18:26 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-15 18:23 - 2012-07-21 09:59 - 00000000 ____D () C:\ProgramData\Temp
    2015-02-15 12:05 - 2014-05-20 10:55 - 00000346 _____ () C:\Windows\Tasks\F-PROT Antivirus - Chips Desktop.job
    2015-02-15 11:47 - 2014-05-23 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-15 10:01 - 2014-08-25 09:59 - 00000000 ____D () C:\Users\chip\AppData\Local\Adobe
    2015-02-14 18:05 - 2014-10-08 19:32 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141Core.job
    2015-02-13 13:10 - 2013-12-19 20:04 - 00000000 ____D () C:\Users\chip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-12 15:02 - 2014-07-16 22:46 - 00000000 ____D () C:\Windows\rescache
    2015-02-12 14:37 - 2009-07-13 20:45 - 05129000 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 14:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-12 14:30 - 2012-07-17 22:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 14:30 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
    2015-02-12 09:47 - 2013-08-16 16:16 - 00000000 ____D () C:\Users\chip\Desktop\Application Short Cuts
    2015-02-12 09:46 - 2014-06-03 19:21 - 00000000 ____D () C:\Users\chip\AppData\Local\CrashDumps
    2015-02-06 21:04 - 2012-10-15 23:54 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-06 21:04 - 2012-10-15 23:54 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-06 18:00 - 2014-10-08 19:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141UA
    2015-02-06 18:00 - 2014-10-08 19:32 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141Core
    2015-02-05 20:57 - 2012-07-21 10:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 20:57 - 2012-07-21 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 20:57 - 2012-07-21 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 19:14 - 2012-09-27 01:45 - 00000000 ____D () C:\Users\chip\AppData\Roaming\vlc
    2015-02-04 13:03 - 2014-04-09 00:33 - 00000000 ____D () C:\Users\chip\AppData\Roaming\HandBrake
    2015-02-04 12:37 - 2014-12-09 18:11 - 00000000 ____D () C:\rippeddvd
    2015-02-02 12:49 - 2012-07-18 00:13 - 00000000 ____D () C:\Users\chip\AppData\Roaming\Mozilla
    2015-02-01 19:21 - 2014-04-06 16:40 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
    2015-01-28 00:06 - 2012-11-10 09:15 - 00002292 ____H () C:\Users\chip\Documents\Default.rdp
    2015-01-27 23:01 - 2013-11-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Personal
    2015-01-26 20:25 - 2012-07-15 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-25 11:03 - 2012-07-18 00:11 - 00000000 ____D () C:\Program Files (x86)\EditPlus 3
    2015-01-23 11:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Registration
    2015-01-23 09:57 - 2014-04-19 13:38 - 00000000 ____D () C:\Users\chip\Desktop\uncropMKV
    2015-01-23 09:57 - 2013-01-17 09:20 - 00000000 ____D () C:\Users\chip\Desktop\To Clean Up
    2015-01-16 03:01 - 2013-04-05 21:54 - 00000132 _____ () C:\Users\chip\AppData\Roaming\Adobe GIF Format CS5 Prefs

    ==================== Files in the root of some directories =======

    2015-01-15 20:45 - 2015-01-15 20:45 - 0000132 _____ () C:\Users\chip\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2013-04-05 21:54 - 2015-01-16 03:01 - 0000132 _____ () C:\Users\chip\AppData\Roaming\Adobe GIF Format CS5 Prefs
    2014-08-29 11:10 - 2014-09-24 21:35 - 0000132 _____ () C:\Users\chip\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2013-08-03 13:48 - 2013-08-03 13:48 - 0038474 _____ () C:\Users\chip\AppData\Roaming\Comma Separated Values (DOS).ADR
    2014-08-02 23:08 - 2014-08-02 23:08 - 0038477 _____ () C:\Users\chip\AppData\Roaming\Comma Separated Values (Windows).ADR
    2014-03-06 11:41 - 2014-03-30 23:41 - 0000081 _____ () C:\Users\chip\AppData\Roaming\WB.CFG
    2015-02-12 19:06 - 2015-02-12 19:06 - 0000038 ___SH () C:\Users\chip\AppData\Local\32cd2b0451e261ee292289.21073168
    2013-10-21 13:04 - 2013-10-21 13:04 - 0001456 _____ () C:\Users\chip\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-12-25 22:49 - 2013-12-25 22:49 - 0003584 _____ () C:\Users\chip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-27 23:27 - 2014-11-03 18:48 - 0007602 _____ () C:\Users\chip\AppData\Local\Resmon.ResmonCfg
    2013-04-15 22:51 - 2014-09-23 08:28 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some content of TEMP:
    ====================
    C:\Users\chip\AppData\Local\Temp\ApplnchConfig.exe
    C:\Users\chip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp45ixgw.dll
    C:\Users\chip\AppData\Local\Temp\Quarantine.exe
    C:\Users\chip\AppData\Local\Temp\sqlite3.dll


    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\nsprs.dll
    C:\Windows\SysWOW64\serauth1.dll
    C:\Windows\SysWOW64\serauth2.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 15:27

    ==================== End Of Log ============================
     
  19. 2015/02/16
    Mr. Chip (Thread Starter)

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
    Ran by chip at 2015-02-15 22:09:31
    Running from C:\Users\chip\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: F-PROT Antivirus for Windows (Enabled - Up to date) {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Acronis*Disk*Director*11*Home (HKLM-x32\...\{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}) (Version: 11.0.2343 - Acronis)
    Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - )
    Amazon Kindle (HKU\S-1-5-21-3430250972-207886777-1795493786-1141\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
    Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
    CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    Contour Shuttle (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 2.81 - Contour Design, Inc.)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    CopyRite XP For Windows (HKLM-x32\...\ST6UNST #1) (Version: - )
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2231 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 Content Pack I (HKLM-x32\...\InstallShield_{9AA216FE-501D-4169-A239-709F67B5B060}) (Version: 10.0 - CyberLink Corp.)
    CyberLink PowerDirector 10 Content Pack II (HKLM-x32\...\InstallShield_{AABB78C0-A435-486A-84E3-17E6684828C2}) (Version: 10.0 - CyberLink Corp.)
    CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Dropbox (HKU\S-1-5-21-3430250972-207886777-1795493786-1141\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Duplicate Cleaner Pro 3.2.5 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.5 - DigitalVolcano Software Ltd)
    DVD Architect Studio 5.0 (HKLM-x32\...\{E3D1078F-9660-11E2-9E28-F04DA23A5C58}) (Version: 5.0.178 - Sony)
    EditPlus 3 (64 bit) (HKLM\...\EditPlus 3) (Version: - ES-Computing)
    EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - )
    EVGA Precision 2.0.4 (HKLM-x32\...\Precision) (Version: 2.0.4 - EVGA Corporation)
    ffdshow v1.2.4486 [2012-08-25] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4486.0 - )
    File Identifier version 1.0.3 (HKLM-x32\...\File Identifier_is1) (Version: 1.0.3 - )
    File Viewer version 1.0.1 (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.0.1 - Sharpened Productions)
    FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
    Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION
    F-PROT Antivirus for Windows x64 (HKLM-x32\...\{D0C17D81-D40D-4C23-B8FA-95E817D0B7BE}) (Version: 6.0.9.6 - FRISK Software)
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-3430250972-207886777-1795493786-1141\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    HP BladeSystem Power Sizing Tool (HKLM-x32\...\{89A3838F-A164-462F-85F2-043983F7EEB6}) (Version: 5.6.1 - Hewlett-Packard Company)
    HP Power Advisor (HKLM-x32\...\{8A388F26-D2F6-4551-A73F-22D874567C48}) (Version: 3.3.0 - Hewlett-Packard Company)
    HP Sizing Tool Update Components (HKLM-x32\...\{57C583C9-4173-4FC9-A764-BDCB62B4DFB0}) (Version: 9.6.0.0 - Hewlett-Packard Company)
    HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    IcyScreen 4.14 (HKLM-x32\...\IcyScreen) (Version: 4.14 - 16 Software)
    ImagesPlus575a x64 (HKLM\...\{4E032E77-E4FC-4A51-A7A8-78DBA77BA1FD}) (Version: 5.7.6 - MLUnsold Digital Imaging)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    iWisoft Free Video Converter 1.2 (HKLM-x32\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)
    iZotope Audio Enhancer (HKLM-x32\...\iZotope Audio Enhancer_is1) (Version: 1.00 - iZotope, Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
    Java SE Development Kit 7 Update 13 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
    Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
    MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MKVToolNix 6.9.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
    Mozenda (HKLM-x32\...\{27541645-BAD7-4319-AF9F-785545116E18}) (Version: 2.8.135 - Mozenda, Inc.)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Network Recording Player (HKLM-x32\...\{1E8D5C8F-7DA3-4B08-9C06-03A0B7FE1FB5}) (Version: 2.29.3220 - Cisco WebEx LLC)
    NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Paragon Migrate OS to SSD™ 4.0 (HKLM\...\{D4378A80-C713-11DF-9399-005056C00008}) (Version: 90.00.0003 - Paragon Software)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Perfect Photo Suite 7.5 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.5 - onOne Software)
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1002.0 - Passmark Software)
    Photo Mechanic 4.6 (HKLM-x32\...\Photo Mechanic 4.6) (Version: - )
    Photo Mechanic 4.6.9 (HKLM-x32\...\Photo Mechanic 4.6.9) (Version: - )
    Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
    Photomatix Pro version 5.0.4 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.4 - HDRsoft Ltd)
    PokerGenius (HKU\S-1-5-21-3430250972-207886777-1795493786-1141\...\PokerGenius) (Version: 01.00.05.00 - Virtual Promotions LLC)
    PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden
    ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - Photodex Corporation)
    QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
    QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
    ShredXP (HKLM-x32\...\{3436BCF8-D043-4101-8669-53C7F8402C16}) (Version: 2.1.1.150 - Gale-Force)
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
    SnagIt 9 (HKLM-x32\...\{2FADA80A-5D89-4CC8-9ED7-445527754A83}) (Version: 9.0.1 - TechSmith Corporation)
    Sound Forge Audio Studio 10.0 (HKLM-x32\...\{75648F62-925B-11E2-B9EF-F04DA23A5C58}) (Version: 10.0.245 - Sony)
    SPSS 14.0 for Windows (HKLM-x32\...\{0AE19D89-17A9-404D-932A-FAAF43F3C77E}) (Version: 14.0.0 - SPSS Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    StrongVPN Client version 1.2 (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.2 - Black Oak Computers)
    Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
    TechSmith Screen Capture Codec (x32 Version: 3.0.0 - TechSmith Corporation) Hidden
    TreeSize Personal V6.1.1 (HKLM-x32\...\TreeSize Personal_is1) (Version: 6.1.1 - JAM Software)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Virtual Account Numbers (HKLM-x32\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2248 - Citi)
    Virtual Account Numbers (x32 Version: 1.0.1.0 - Citi) Hidden
    Virtual Account Numbers (x32 Version: 1.0.6.0 - Citi) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\chip\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\chip\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\chip\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\chip\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\chip\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3430250972-207886777-1795493786-1141_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\chip\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    21-01-2015 16:03:47 Scheduled Checkpoint
    28-01-2015 18:12:12 Scheduled Checkpoint
    05-02-2015 20:31:42 Scheduled Checkpoint
    10-02-2015 10:58:36 Windows Update
    12-02-2015 14:23:22 Windows Update
    13-02-2015 00:34:13 Windows Update
    15-02-2015 11:34:45 WindowsBBS Cleaning
    15-02-2015 11:35:34 Windows BBS Broni

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2014-10-14 07:12 - 00449919 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0AB9482E-0AEC-460A-99DF-74413F315E7D} - System32\Tasks\{54F8EA76-E9EA-486A-8E4C-A696DCF702DF} => C:\Program Files (x86)\Gale-Force\ShredXP\ShredXP.exe [2003-05-15] (Gale-Force Software)
    Task: {0F0D32DF-277D-4F82-AD53-554823CB8660} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)
    Task: {1BA08CD6-6834-4E32-AD70-45508672E818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)
    Task: {3BADA7FD-8FF5-473C-A8CE-D01906D23EA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
    Task: {3BBDE1C5-6A1B-4121-B879-5A5101BC0B5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141Core => C:\Users\chip\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {545C83AF-9EEA-460E-A356-40CE3935559C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141UA => C:\Users\chip\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {6324BBA7-E79E-46C8-8120-92A8DFB02476} - System32\Tasks\{5D748DA3-818E-46F8-A3D6-3F0E70983EE7} => pcalua.exe -a "C:\Program Files (x86)\Contour Shuttle\ContourShuttle.cpl "
    Task: {6AADC3FC-3349-4565-8E18-E667D6A21A17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6E720E31-21F4-4E01-AC6F-8E94624AFD1B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: {710A7019-6D11-4E92-9E5F-14F5945CB4D1} - System32\Tasks\{CAAC87AF-3CE1-407A-9894-E60F49E4E507} => C:\Program Files (x86)\Gale-Force\ShredXP\ShredXP.exe [2003-05-15] (Gale-Force Software)
    Task: {7776E38F-9674-4360-B289-89762E566902} - System32\Tasks\{E8050A6C-3711-462B-93A4-3A08254D820F} => C:\Program Files (x86)\Gale-Force\ShredXP\ShredXP.exe [2003-05-15] (Gale-Force Software)
    Task: {871564C7-7C58-465E-BC43-3444BB872361} - System32\Tasks\{D147F381-5594-4705-8A7F-91EFEA30D257} => pcalua.exe -a "C:\Users\chip\Downloads\setup (1).exe" -d C:\Users\chip\Desktop
    Task: {93EA05BD-CB47-44C2-93C5-FE76BC154551} - System32\Tasks\{71DCCCFB-5A70-418A-8329-02CC8C9310E4} => pcalua.exe -a "C:\Users\chip\Desktop\WP Pro v2.0 Installer.exe" -d C:\Users\chip\Desktop
    Task: {9E7D56D7-0E99-4BE7-AC64-ACD52813EC01} - System32\Tasks\{C6777C07-2B59-4810-A78D-92907D25C945} => pcalua.exe -a C:\Users\chip\Downloads\Paragon-283-PEE_WinInstallSN_10.1.21.178_000.exe -d C:\Users\chip\Downloads
    Task: {A4125E60-E508-492E-9E2C-B9E4ED9E64C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {AE979CF8-6E78-44E9-A047-9C7C79D783B4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {AEE52D78-5C1F-4747-808D-9A48312A2B3A} - System32\Tasks\AdobeAAMUpdater-1.0-TECHWISELAN-chip => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {B3162D54-747F-4081-8ECC-71CE23154B15} - System32\Tasks\F-PROT Antivirus - Chips Desktop => C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe [2010-11-03] (FRISK Software International)
    Task: {C47E5DA2-C729-49B7-8755-866E4158A802} - System32\Tasks\{34AB1BBD-E646-4A42-9581-F3B8F5B68B4E} => pcalua.exe -a C:\Users\chip\Desktop\471203_intl_x64_zip.exe -d C:\Users\chip\Desktop
    Task: {CB52D7EE-17AA-48C6-915F-38739344DAEF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {DD26F4A7-5538-4A86-B25D-41A6A3877B06} - System32\Tasks\{4ED82D73-E9E2-4337-86AC-51166C0558B4} => C:\Program Files (x86)\Gale-Force\ShredXP\ShredXP.exe [2003-05-15] (Gale-Force Software)
    Task: {E0716BEC-FCE5-4FB5-A3E0-440325BEC933} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {E9989C66-D04C-4D41-87EF-07CE26A28627} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {EBF0225A-5E98-44F3-8F26-3D37FAF6AEF6} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {F028BDCF-CDB2-42B4-893F-1DEED5C16B3F} - System32\Tasks\{D4E56B49-7BC4-49A8-A7B4-6DFAEA6A24AB} => pcalua.exe -a C:\Users\chip\Desktop\8400fvst6410231a_64en\SetupSG.exe -d C:\Users\chip\Desktop\8400fvst6410231a_64en
    Task: {F1BF9F0D-999E-4F5B-B405-07FEA97059EC} - System32\Tasks\{3E62D2A3-1353-4D4A-87D1-1445D09262F7} => C:\Program Files (x86)\Gale-Force\ShredXP\ShredXP.exe [2003-05-15] (Gale-Force Software)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\F-PROT Antivirus - Chips Desktop.job => C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141Core.job => C:\Users\chip\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430250972-207886777-1795493786-1141UA.job => C:\Users\chip\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-07-21 10:02 - 2012-04-24 17:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2012-10-12 13:02 - 2012-10-12 13:02 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
    2011-02-17 22:18 - 2011-02-17 22:18 - 00245760 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    2011-11-15 18:30 - 2011-11-15 18:30 - 02139400 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
    2012-07-14 23:55 - 2014-11-12 13:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-03-09 18:12 - 2008-07-10 23:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
    2013-03-09 18:12 - 2008-07-10 23:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
    2010-01-02 06:42 - 2010-01-02 06:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-10-31 07:05 - 2013-10-31 07:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
    2013-03-09 18:11 - 2011-04-18 22:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
    2015-02-10 13:00 - 2015-02-10 13:00 - 00750080 _____ () C:\Users\chip\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-15 22:00 - 2015-02-15 22:00 - 00043008 _____ () c:\users\chip\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp45ixgw.dll
    2015-02-10 13:00 - 2015-02-10 13:00 - 00047616 _____ () C:\Users\chip\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-10 13:00 - 2015-02-10 13:00 - 00865280 _____ () C:\Users\chip\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-10 13:00 - 2015-02-10 13:00 - 00200704 _____ () C:\Users\chip\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2013-04-26 13:37 - 2013-10-07 12:31 - 00039424 _____ () C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll
    2014-07-24 15:24 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
    2014-10-15 14:52 - 2014-10-15 14:52 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
    2012-07-14 23:16 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-07-14 23:18 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2015-01-26 10:04 - 2015-01-26 10:04 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4
    AlternateDataStreams: C:\ProgramData\Temp:6DAA43DB

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FPAVServer => " "= "Service "

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3430250972-207886777-1795493786-1141\Control Panel\Desktop\\Wallpaper -> C:\Users\chip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.33 - 209.18.47.61

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2421689477-406892551-40040158-500 - Administrator - Disabled)
    Chip2012 (S-1-5-21-2421689477-406892551-40040158-1000 - Administrator - Enabled) => C:\Users\Chip2012
    Guest (S-1-5-21-2421689477-406892551-40040158-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-05-24 13:15:38.576
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-05-24 13:15:38.528
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
    Percentage of memory in use: 17%
    Total physical RAM: 16330.68 MB
    Available physical RAM: 13525.51 MB
    Total Pagefile: 32659.54 MB
    Available Pagefile: 29721.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (C-Boot) (Fixed) (Total:238.47 GB) (Free:67.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (D-Photos (PC)) (Fixed) (Total:1397.26 GB) (Free:321.57 GB) NTFS
    Drive e: (E-Videos (PC)) (Fixed) (Total:1397.16 GB) (Free:162.82 GB) NTFS
    Drive f: (F-SSD (PC)) (Fixed) (Total:232.88 GB) (Free:27.36 GB) NTFS
    Drive g: () (Network) (Total:35.16 GB) (Free:15.7 GB)
    Drive i: (I-Backup (PC)) (Fixed) (Total:931.51 GB) (Free:291.91 GB) NTFS
    Drive m: () (Network) (Total:517.81 GB) (Free:16.68 GB)
    Drive o: () (Network) (Total:70.31 GB) (Free:17.11 GB)
    Drive p: () (Network) (Total:3658.68 GB) (Free:762.35 GB)
    Drive s: () (Network) (Total:3658.68 GB) (Free:762.35 GB)
    Drive v: () (Network) (Total:3658.68 GB) (Free:762.35 GB)
    Drive x: () (Network) (Total:3658.68 GB) (Free:762.35 GB)
    Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 14FCB05B)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CE355ED2)
    Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 1BDF6405)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5D0730C9)
    Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C39C79DD)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  20. 2015/02/16
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Question About Hosts File

    Hi Broni,

    While posting the results of the Addition.txt file, I saw the portion of the entries under host content:

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2014-10-14 07:12 - 00449919 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com

    Out of curiosity I made a copy of the hosts file and opened it in notepad. I was shocked to find over 13,000 entries! I quickly scanned the entries and none of the URLs look familiar. They all look like SPAM sites - some are from other countries like .it and others are adult oriented.

    All of the entries show the IP address of 127.0.0.1.

    What is the hosts file exactly? Is this huge file blocking access to all of these strange sites? Or are these entries in the host file something we want to clean up? I will not do anything unless instructed by you to do so.
     
  21. 2015/02/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your "hosts" file is fine.
    It's created by Spybot.
    Any site following 127.0.0.1 is actually BLOCKED.

    ==============================

    Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:
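A small Python check for the distinction broni draws above (a name listed after 127.0.0.1 is blocked, while a name pointed at any other address is silently redirected). This is an added example, not code from the thread, FRST or Spybot; the hosts content it parses is constructed, modelled on the excerpt quoted in the post, with one hypothetical redirect entry added to show the contrast.

```python
"""Audit a Windows hosts file: loopback/unspecified entries block a name,
any other address redirects it. Added example; sample content is constructed."""
import ipaddress
from collections import Counter

# Constructed sample modelled on the excerpt quoted in the thread, plus
# one hypothetical redirect entry (198.51.100.7 is a documentation address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com   # Spybot immunization style entry
0.0.0.0   ads.example    # another common block address
198.51.100.7 update.example.com   # hypothetical redirect entry
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:                    # one line may list several names
            yield addr, name.lower()


def classify(addr):
    """'blocked' for 127.x/::1/0.0.0.0, 'redirected' for anything else."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # the name resolves nowhere useful
    return "redirected"       # traffic for the name goes to that host


def audit_hosts(text):
    """Return per-class counts and the redirect entries worth reviewing."""
    counts, redirects = Counter(), []
    for addr, name in parse_hosts(text):
        kind = classify(addr)
        if kind == "blocked" and name == "localhost":
            kind = "default"  # the stock localhost line is not a block entry
        counts[kind] += 1
        if kind == "redirected":
            redirects.append((name, addr))
    return counts, redirects


if __name__ == "__main__":
    totals, suspicious = audit_hosts(SAMPLE_HOSTS)
    print(dict(totals))       # blocked entries are a blocklist, not an infection
    print(suspicious)         # redirects are the entries to question
```

On a real system read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts`; a file like the one in the thread yields thousands of `blocked` entries and no `redirected` ones.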
